Linux – How to reset a tcp connection immediately on both ends on a certain condition using linux netfilter/iptables

Tags: iptables, linux, session, strings, tcp

Dear Serverfault community,

I have the following problem: I need to reset (disconnect) TCP connections on both network sides immediately if a certain string is encountered in the packet data. I don't have control over the applications on either side and can only use Linux iptables (or similar tools) to abort the connection.

My first idea was to use the following iptables rule to achieve what I was looking for:

/usr/sbin/iptables -A INPUT -p tcp --dport 1234 -m string --algo bm --string 'BAD STRING' -j REJECT --reject-with tcp-reset

This works perfectly on the remote side by sending a TCP RST packet to the client, which is therefore disconnected immediately. Unfortunately, the local side is not notified of the forced disconnect, and the server process (connection) hangs forever.

I thought the requirement to immediately disconnect an already established connection on both sides on a certain condition (a string match in an IP packet in this case) wasn't very unusual. So I did a Google search, but to my surprise couldn't find anything usable in a reasonable amount of time.

Is there a way to achieve a TCP disconnect on both network sides using iptables? If not, what other tools could I use (bear in mind I don't have control over the client/server applications)?

Thank you very much in advance for your valuable answers!

Best regards,

Jens

Best Answer

You can use xt_RESET, e.g., -j RESET
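The following is an added example, not code from the question or the answer, and it does not use the xt_RESET target the answer names. It keeps the question's REJECT rule (which only resets the remote peer, because the matching packet is dropped before the local application ever sees it) and adds a LOG rule in front of it, then a watcher that reads the kernel log and aborts the matching local server socket with `ss -K`. `ss -K` requires a kernel built with CONFIG_INET_DIAG_DESTROY (Linux 4.5 or later) and an iproute2 with `--kill` support; the kernel aborts the socket and the server process gets an error on its next read or write instead of hanging. The port 1234, the bad string, the log prefix, the interface and addresses in the sample log line, and the chain layout are all assumptions for illustration.

```shell
#!/bin/sh
# Added example: reset both ends of a TCP connection on a string match.
# Remote side: iptables REJECT --reject-with tcp-reset (as in the question).
# Local side:  ss -K on the server socket (assumes CONFIG_INET_DIAG_DESTROY
#              and iproute2 with --kill). Port, string and prefix are assumptions.

PORT=1234
BAD='BAD STRING'
PREFIX='BADSTR '   # trailing space keeps the prefix separate from IN=...

# Constructed sample of a netfilter LOG line (not captured from a real host).
SAMPLE_LOG_LINE='kernel: BADSTR IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=51234 DPT=1234 WINDOW=512 RES=0x00 ACK PSH URGP=0'

# LOG is a non-terminating target, so a matching packet is logged first and
# then rejected with a RST toward the client by the second rule.
install_rules() {
    iptables -A INPUT -p tcp --dport "$PORT" -m string --algo bm --string "$BAD" \
        -j LOG --log-prefix "$PREFIX" --log-level info
    iptables -A INPUT -p tcp --dport "$PORT" -m string --algo bm --string "$BAD" \
        -j REJECT --reject-with tcp-reset
}

# Pull "SRC SPT DST DPT" out of one LOG line. Returns 1 if any field is absent,
# so a truncated or unrelated line never produces a half-formed filter.
parse_log_line() {
    src='' spt='' dst='' dpt=''
    for kv in $1; do
        case $kv in
            SRC=*) src=${kv#SRC=} ;;
            DST=*) dst=${kv#DST=} ;;
            SPT=*) spt=${kv#SPT=} ;;
            DPT=*) dpt=${kv#DPT=} ;;
        esac
    done
    [ -n "$src" ] && [ -n "$spt" ] && [ -n "$dst" ] && [ -n "$dpt" ] || return 1
    printf '%s %s %s %s\n' "$src" "$spt" "$dst" "$dpt"
}

# The server's socket for that connection has local port DPT and peer SRC:SPT.
# Arguments: src spt dst dpt (IPv4 addresses; IPv6 would need [addr]:port).
ss_filter() {
    printf 'sport = :%s and dst %s:%s\n' "$4" "$1" "$2"
}

# Abort exactly that socket; the kernel sends a RST and the local process
# gets an error instead of waiting forever on the half-dead connection.
kill_local_socket() {
    ss -tnK state established "( $(ss_filter "$@") )"
}

# Follow new kernel messages and kill the local socket for every LOG hit.
# dmesg -w needs root (or an unrestricted dmesg); journalctl -kf also works.
watch_and_kill() {
    dmesg -w | while IFS= read -r line; do
        case $line in
            *"$PREFIX"*)
                fields=$(parse_log_line "$line") || continue
                # shellcheck disable=SC2086  # word splitting is intended here
                kill_local_socket $fields
                ;;
        esac
    done
}

# Dry run on the constructed sample: prints the ss filter that would be used.
demo_filter() {
    fields=$(parse_log_line "$SAMPLE_LOG_LINE") || return 1
    # shellcheck disable=SC2086
    ss_filter $fields
}

case ${1:-} in
    install) install_rules ;;
    watch)   watch_and_kill ;;
    demo)    demo_filter ;;
esac
```

Run `sh reset-both.sh install` once and keep `sh reset-both.sh watch` running as root; `sh reset-both.sh demo` only exercises the parser on the embedded sample line. Two caveats worth keeping in mind: `-m string` inspects one packet at a time, so a string that straddles a segment boundary is not matched, and there is a short window between the RST reaching the client and the local kill, during which the server may still write to the connection.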