On Fri, Aug 20, 2021 at 04:08:23PM +0000, Qontinuum wrote:
> On Fri, Aug 20, 2021 at 11:48:40AM -0400, Ruben Safir wrote:
> > I don't understand how they can move to nft if nft isn't close to being
> > finished with no string matching? Doesn't this leave firewalls across
> > the entire internet exposed?
>
> nft is already enough for a great majority of use cases for a long time
> now.
>
> I don't know if it supports string matching but as already stated it has
> raw expressions. Also, people don't expose private services to the internet
> and they use specialized software to do DPI.

I restarted the box and the new kernel seems to work better, but now it
is stuck on hexstring

[www3 ~]# /sbin/iptables-legacy -I INPUT -p udp --dport 53 -m string
--hex-string '|03|www|08|pizzaseo|03|com|' -–algo bm -j DROP
iptables v1.8.7 (legacy): unknown option "|03|www|08|pizzaseo|03|com|"

hexstring has to get an argument of that format, so I am lost as to its
complaint.

>
> --
> qontinuum
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013