Question: How can I block traffic coming from a specific operating system in Linux? In other words, how can I block traffic from Windows users on my firewall and allow everyone else?
Answer: There is an iptables module named OSF (passive OS Fingerprinting) that was written by Evgeniy Polyakov. This module passively detects the OS a packet was sent from and lets you perform various netfilter actions based on that match. Only packets with the SYN bit set are analyzed.
To install the OSF module, do the following:
1. Download the latest release, for example as follows:
wget http://tservice.net.ru/~s0mbre/archive/osf/osf-2008_06_14.tar.gz
2. Edit the Makefile from the unpacked archive to set the proper path to the iptables headers (iptables.h and the libiptc/ dir).
3. If your kernel sources cannot be accessed via /lib/modules/$(shell uname -r)/build, you have to replace the KDIR variable with the correct path to the kernel sources.
4. Run make, which should build the ipt_osf.ko kernel module.
5. Run make lib, which will build the libipt_osf.so shared library (copy it to where all other iptables shared libs are placed in your distro, e.g. /lib/iptables or /lib64/iptables in Fedora).
6. Run make bin, which will build the userspace applications that load fingerprints and obtain information about matched packets (load, osfd, ucon_osf).
7. Download the signatures list:
wget http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os
8. Install kernel module:
insmod ./ipt_osf.ko
9. Load signatures:
./load ./pf.os /proc/sys/net/ipv4/osf
10. Set up iptables rules allowing/disallowing packets generated by certain OS:
iptables -I INPUT -j ACCEPT -p tcp -m osf --genre Linux --log 0 --ttl 2
This example allows traffic from Linux systems and logs packets from other ones:
ipt_osf: Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -> 11.22.33.44:139
BTW, OSF has the following options:
- --log
If present, OSF will log determined genres even if they don't match the desired one.
0 – log all matched and unknown entries.
1 – only first one.
2 – log all matched entries.
- --ttl
0 – true IP and fingerprint TTL comparison. Works for LAN.
1 – check if IP TTL is less than fingerprint one. Works for global addresses.
2 – do not compare TTL at all. Allows detecting NMAP, but can produce false results.
- --connector
If present, OSF will also log all events through the netlink connector (1.0 id).
More about the connector can be found in Documentation/connector in the kernel source tree.
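Since --ttl 2 can produce false results, it helps to review what OSF logs before relying on the match in an ACCEPT or DROP rule. The script below is an added example, not part of the OSF distribution: it assumes log lines in exactly the format shown above, and its function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the log format shown above; text before "ipt_osf:" (for example a
# syslog timestamp and host name) is ignored.
LINE_RE = re.compile(
    r"ipt_osf: (?P<genre>.+?) \[(?P<details>[^\]]*)\]: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

def parse_line(line):
    """Return a dict for one ipt_osf log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(lines):
    """Count hits per genre and list sources reported as more than one genre."""
    per_genre, per_source, skipped = Counter(), defaultdict(set), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        per_genre[rec["genre"]] += 1
        per_source[rec["src"]].add(rec["genre"])
    # One address seen as several genres is worth checking before the match
    # is trusted in an ACCEPT or DROP rule.
    mixed = {ip: sorted(g) for ip, g in per_source.items() if len(g) > 1}
    return per_genre, mixed, skipped

# Constructed sample: the first line is the one quoted in the article; the
# others (syslog prefix, FreeBSD details) are made up in the same format.
SAMPLE = [
    "ipt_osf: Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -> 11.22.33.44:139",
    "Jun 14 10:00:01 fw kernel: ipt_osf: Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.56:1030 -> 11.22.33.44:445",
    "Jun 14 10:00:02 fw kernel: ipt_osf: FreeBSD [5.0:x:example]: 11.22.33.55:4100 -> 11.22.33.44:80",
    "Jun 14 10:00:03 fw kernel: unrelated message",
]

if __name__ == "__main__":
    genres, mixed, skipped = summarize(SAMPLE)
    print("hits per genre:", dict(genres))
    print("sources with more than one genre:", mixed)
    print("lines skipped:", skipped)
```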