# iptables matching on TCP OPTIONS



## burek021 (Nov 11, 2010)

Hi,

I've been trying Google for hours now, and had no luck with this.

Is it possible to use the TCP OPTIONS field
( http://en.wikipedia.org/wiki/Transmission_Control_Protocol ) to put a short
string (text) in the TCP option area of a TCP packet (as a new, custom
option) and later match those packets with iptables using --tcp-option?

Are there any examples out there that explain how to match a TCP
packet based on the custom option's value (the short text that I'd like to put
in it)?

Thanks to all who can help.
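An added illustration of what a TCP-option match can and cannot see (example code written for this thread, not posted by the original author). The iptables `tcp` match's `--tcp-option N` tests only whether an option with kind number N is present; it does not inspect the option's contents, so a string carried inside a custom option cannot be matched with that flag alone. The parser below walks the TCP options area of a constructed segment and exposes both checks side by side: presence of a kind (what `--tcp-option` does) and the option's value (what a userspace tool or a separate match would have to do). The choice of kind 253 for the custom option is an assumption, following the experimental option kinds reserved by RFC 4727; the segment bytes are constructed here, not captured.

```python
import struct

# Assumption: a custom option would use one of the experimental TCP option
# kinds (253, 254) reserved by RFC 4727 rather than an unregistered number.
CUSTOM_KIND = 253


def encode_option(kind, data=b""):
    """Encode one TCP option as kind/length/data; kinds 0 (EOL) and 1 (NOP) are single bytes."""
    if kind in (0, 1):
        return bytes([kind])
    return bytes([kind, 2 + len(data)]) + data


def build_tcp_segment(src_port, dst_port, options=b"", payload=b""):
    """Build a minimal TCP segment for testing (constructed data; checksum left as zero)."""
    options += b"\x00" * ((-len(options)) % 4)   # pad to a 32-bit boundary with EOL
    data_offset = (20 + len(options)) // 4        # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH",
                         src_port, dst_port,
                         0, 0,                    # sequence and acknowledgement numbers
                         data_offset << 4,        # data offset in the high nibble
                         0x02,                    # flags: SYN
                         65535,                   # window
                         0,                       # checksum (not computed here)
                         0)                       # urgent pointer
    return header + options + payload


def parse_tcp_options(segment):
    """Return [(kind, data), ...] from the options area; raise ValueError on malformed options."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the fixed TCP header")
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("data offset outside the segment")
    opts = segment[20:data_offset]
    result, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                   # End of Option List: stop, ignore padding
            break
        if kind == 1:                   # No-Operation: single byte
            result.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind %d has no length byte" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        result.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return result


def is_well_formed(segment):
    """True if the options area parses cleanly; malformed options are worth logging on their own."""
    try:
        parse_tcp_options(segment)
        return True
    except ValueError:
        return False


def has_option_kind(segment, kind):
    """The check iptables' --tcp-option N performs: is option kind N present at all?"""
    return any(k == kind for k, _ in parse_tcp_options(segment))


def option_value(segment, kind):
    """The check --tcp-option cannot perform: the bytes carried inside option kind N."""
    for k, data in parse_tcp_options(segment):
        if k == kind:
            return data
    return None


# Constructed samples: one SYN carrying MSS, NOP and the custom option, one with MSS only.
SAMPLE = build_tcp_segment(40000, 80,
                           encode_option(2, struct.pack("!H", 1460))
                           + encode_option(1)
                           + encode_option(CUSTOM_KIND, b"hello"))
PLAIN = build_tcp_segment(40001, 80, encode_option(2, struct.pack("!H", 1460)))
BROKEN = build_tcp_segment(40002, 80, bytes([CUSTOM_KIND, 0]))   # length byte 0 is invalid

if __name__ == "__main__":
    print("options:", parse_tcp_options(SAMPLE))
    print("kind present (what --tcp-option 253 sees):", has_option_kind(SAMPLE, CUSTOM_KIND))
    print("value (what it does not see):", option_value(SAMPLE, CUSTOM_KIND))
    print("well formed:", is_well_formed(SAMPLE), is_well_formed(BROKEN))
```

In iptables terms, `has_option_kind` is the whole of what a rule such as `-p tcp --tcp-option 253` can decide; the segment is selected or not purely on the kind byte. A defender who wants to flag unexpected experimental options on a network edge can get that much from the kernel rule and log it, while anything that depends on the option's value has to be done by code that walks the options as above.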


----------



## shdwsclan (Nov 29, 2010)

iptables is just a dumb firewall.
It would never, for example, detect a portscan.

I think what you want is an IPS/IDS (Intrusion Protection/Prevention/Detection System).
It's also called a policy manager, as it manages your iptables policies.

This will actually set your NIC to promiscuous mode and use something like pcap to look at all the packets and update iptables as necessary.

An IPS/IDS would detect a portscan and block the IP initiating one, either for a short time or indefinitely.

A popular IDS/IPS/policy manager is IDS Snort, aka Snort....


----------

