iptables string regex
Seongmyun Cho edited this page Oct 15, 2016 · 8 revisions
First, download the library kernel modules and install them.

After installing the PCRE LKM (libpcre2-x.ko) and the REGEX text search engine (ts_regex.ko), you can filter packets using REGEX syntax like this (the Netfilter string extension makes use of the kernel's text search modules):
```sh
iptables -A INPUT -p icmp -m string \
    --string "/\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/smi" --algo regex -j DROP
```
The regex pattern is given in the format `/<regex>/options`, where the accepted options are `[N|G|f|p|i|m|s|x|1|2|3]`:
- `N`: REG_NOSUB. Do not report the position of matches.
- `G`: REG_UNGREEDY
- `f`: REG_UTF
- `p`: REG_UCP
- `i`: REG_ICASE. Do not differentiate case.
- `m`: REG_NEWLINE. Match-any-character operators don't match a newline.
- `s`: REG_DOTALL
- `x`: REG_EXTENDED. Use POSIX Extended Regular Expression syntax when interpreting the regex. If not set, POSIX Basic Regular Expression syntax is used.
- `1`: REG_NOTBOL. The match-beginning-of-line operator always fails to match (but see the compilation flag REG_NEWLINE above). This flag may be used when different portions of a string are passed to regexec() and the beginning of the string should not be interpreted as the beginning of the line.
- `2`: REG_NOTEOL. The match-end-of-line operator always fails to match (but see the compilation flag REG_NEWLINE above).
- `3`: REG_NOTEMPTY
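The following shell helper is an added example and is not code from the kpcre project. It composes the `--string` argument in the `/<regex>/options` format described above, rejects any option letter outside the accepted set before the rule reaches iptables, checks that ts_regex is loaded, and prints the resulting command in dry-run mode so it can be reviewed before being installed. The chain, protocol and `DROP` default, the `DRY_RUN` variable and the function names are assumptions for this example, not part of the page.

```shell
#!/bin/sh
# Added example, not code from the kpcre project: build a kpcre-style
# iptables string-match rule with the pattern in the /<regex>/options format
# and refuse option letters the page does not list.
# Assumptions (not stated on the page): the rule is appended with -A, the
# target defaults to DROP, and DRY_RUN=1 prints the command instead of running it.

# Return 0 when every option character is one of N G f p i m s x 1 2 3
# (an empty option string is accepted as "no options").
kpcre_valid_opts() {
    case "$1" in
        *[!NGfpimsx123]*) return 1 ;;   # some character is not an accepted option
        *) return 0 ;;
    esac
}

# Compose the --string argument "/<regex>/<options>"; fail on bad options.
kpcre_pattern() {
    kpcre_valid_opts "$2" || return 1
    printf '/%s/%s' "$1" "$2"
}

# Report whether the ts_regex text-search module is currently loaded,
# which the string match needs before "--algo regex" can be used.
kpcre_ts_regex_loaded() {
    [ -r /proc/modules ] && grep -q '^ts_regex ' /proc/modules
}

# Emit (DRY_RUN=1, the default here) or execute the iptables rule.
# usage: kpcre_rule CHAIN PROTO REGEX OPTIONS [TARGET]
kpcre_rule() {
    pattern=$(kpcre_pattern "$3" "$4") || {
        echo "kpcre_rule: invalid option string '$4'" >&2
        return 1
    }
    # Positional parameters are expanded before "set --" replaces them.
    set -- iptables -A "$1" -p "$2" -m string --string "$pattern" --algo regex -j "${5:-DROP}"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Stand-alone demonstration: the same e-mail-address pattern as the rule on
# this page, printed rather than installed.
kpcre_rule INPUT icmp '\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b' smi
```

Because the pattern is passed to iptables as a single argument, the regex itself never goes through shell word splitting; the dry-run output omits the quotes, so add them back around the pattern if you paste the printed command into a shell by hand. Run with `DRY_RUN=0` to install the rule, ideally only after `kpcre_ts_regex_loaded` succeeds.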
"My colleague and I have been using your kpcre implementation extensively and have been finding it incredibly well-designed and comprehensive. Many thanks for all your efforts."
- Michael, Verisign, Inc.