ipt_tcpbreak

Break TCP-connect (linux netfilter target extension)

Sending optional string to client, send tcp-reset to client, send tcp-reset to server and break conntrack connection.

The minimum requirements for the kernel configuration CONFIG_NF_CONNTRACK=m or y

Developed for kernel 4.X (tested on 4.8.6, 4.4.x, 3.18.44)

Example:

 # iptables -A FORWARD -m state --state INVALID -j DROP
 # iptables -A FORWARD -p tcp --dport 8080 -m string --string "GET " --algo bm -j TCPBREAK --http302 'http://localhost/'
 # iptables -A INPUT -m state --state INVALID -j DROP
 # iptables -A INPUT -p tcp --dport 8080 -m string --string "GET " --algo bm -j TCPBREAK --http302 'http://localhost/'
 # iptables -A INPUT -p tcp --dport 25 -m string --string "ehlo" --algo bm -j TCPBREAK --raw 'quit\r\n'

About

Break TCP-connect. Linux netfilter target extension

c ipt-tcpbreak linux netfilter

GNU General Public License v3.0

Languages

Language:C 94.5%Language:Makefile 5.5%