Discussion:
[Shorewall-users] iptables rule with hex pattern to shorewall rule
Wouter Deurholt
2017-01-11 20:47:58 UTC
Hi,

I need an iptables rule translated into a Shorewall rule that filters on a port and a hex pattern. The rule is used to filter out packets sent to a specific port (udp 53) for a specific subdomain (the hex pattern) so that they are forwarded to another port, where they will be handled by a program that listens on that (other) port (5353). I cannot seem to find the right rule. Second, I'm unsure where to place it in my 'rules' file. Please, your help / advice.

The rule:
iptables -t nat -A PREROUTING -p udp --dport 53 -m string --algo bm --from 20 --hex-string "|024a4a0364615000|" -j REDIRECT --to-ports 5353


Thanks in advance,

Wouter



---- ---- ---- ---- ---- ---- ---- ----
| Wouter Y. Deurholt | [***@wdmail.nl](http://wdmail.nl) | Secured by [ProtonMail](https://protonmail.com) |
Tom Eastep
2017-01-11 21:21:05 UTC
Post by Wouter Deurholt
Hi,
I need an iptables rule translated into a Shorewall rule that filters
on a port and a hex pattern. The rule is used to filter out packets
sent to a specific port (udp 53) for a specific subdomain (the hex
pattern) so that they are forwarded to another port, where they will be
handled by a program that listens on that (other) port (5353). I
cannot seem to find the right rule. Second, I'm unsure where to
place it in my 'rules' file. Please, your help / advice.
iptables -t nat -A PREROUTING -p udp --dport 53 -m string --algo bm
--from 20 --hex-string "|024a4a0364615000|" -j REDIRECT --to-ports
5353
REDIRECT ??? 5353 udp 53 ;; -m string --algo bm \
--from 20 --hex-string "|024a4a0364615000|"

(I have broken the rule into two lines because my mailer folds long
lines. You don't need to do that.)

That syntax assumes that you are running a recent version of Shorewall.

I'm unclear what the SOURCE should be in your case -- probably 'net';
your rule would be applied to all packets entering the Shorewall system.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
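To make the hex pattern in the rule less opaque, here is an added example (my own code, not from the thread or from Shorewall): it encodes a DNS name into the wire-format label sequence that `-m string --hex-string` matches on, decodes the pattern from the post back into a name, and assembles the rules-file line in the form Tom gave. The helper names and the `source` parameter are my own; the 20-byte `--from` offset and the port numbers are taken from the rule above.

```python
# Added example: DNS name <-> iptables --hex-string pattern, plus the Shorewall
# REDIRECT line built from it. Not code from the thread or the Shorewall project.

def dns_name_to_hex_pattern(name: str) -> str:
    """Return NAME as an iptables --hex-string ("|..|") in DNS wire format:
    each label is prefixed by its length byte and the name ends with 0x00."""
    labels = [l for l in name.strip(".").split(".") if l]
    wire = bytearray()
    for label in labels:
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS label must be 1..63 bytes: %r" % label)
        wire.append(len(raw))
        wire += raw
    wire.append(0)  # the root label terminates the name
    return "|" + wire.hex() + "|"


def hex_pattern_to_dns_name(pattern: str) -> str:
    """Inverse of the above: decode a "|..|" label sequence into a dotted name."""
    data = bytes.fromhex(pattern.strip("|"))
    labels, i = [], 0
    while i < len(data):
        n = data[i]
        i += 1
        if n == 0:
            break
        if n & 0xC0:  # a compression pointer, not a literal label sequence
            raise ValueError("compression pointer in pattern")
        labels.append(data[i:i + n].decode("ascii"))
        i += n
    return ".".join(labels)


# Where the question name sits in a plain UDP DNS query (IPv4, no IP options):
IPV4_HEADER = 20   # --from 20 in the rule skips exactly this header
UDP_HEADER = 8
DNS_HEADER = 12
QNAME_OFFSET = IPV4_HEADER + UDP_HEADER + DNS_HEADER  # 40


def shorewall_redirect_rule(source: str, name: str, from_port: int = 53,
                            to_port: int = 5353) -> str:
    """Build the rules line in Tom's form: REDIRECT <source> <to_port> udp <from_port> ;; <match>.
    Note the match is a byte-exact substring search: a query for the same name in a
    different letter case encodes to different bytes and will not hit this rule."""
    match = '-m string --algo bm --from %d --hex-string "%s"' % (
        IPV4_HEADER, dns_name_to_hex_pattern(name))
    return "REDIRECT %s %d udp %d ;; %s" % (source, to_port, from_port, match)
```

Decoding the pattern from the post shows which name it selects, and re-encoding that name reproduces the pattern byte for byte, so the two functions can be used to check a hand-written rule before it goes into the rules file.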
Wouter Deurholt
2017-01-12 22:39:48 UTC
Thanks,
Saved my day. Works like a charm.
As a bonus: I learned something :)



---- ---- ---- ---- ---- ---- ---- ----
| Wouter Y. Deurholt | [***@wdmail.nl](http://wdmail.nl) | Secured by [ProtonMail](https://protonmail.com) |