3. New netfilter matches

In this section we describe how to use the new netfilter matches. The patches appear in alphabetical order. Patches that affect other patches are not described here; that will be included in the next version of this document.

In general, you can get hints about a particular module by running:

# iptables -m the_match_you_want --help

This prints the usual iptables help and, in addition, the help for the ``match you want'' appended at the end.

3.1. ah-esp patch

This patch was written by Yon Uriarte <yon@astaro.de> and adds the following two new matches:

This patch can be useful to people using IPSEC who want to distinguish connections based on their SPI.

For example, you can drop all AH packets whose SPI matches 500 as follows:

# iptables -A INPUT -p 51 -m ah --ahspi 500 -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       ipv6-auth--  anywhere             anywhere           ah spi:500

The options supported by the ah match are as follows:

The esp match works the same way.

# iptables -A INPUT -p 50 -m esp --espspi 500 -j DROP
# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       ipv6-crypt--  anywhere             anywhere           esp spi:500

The options supported by the esp match are as follows:

When using the ah or esp match, do not forget to specify the appropriate protocol with ``-p 50'' or ``-p 51'' (esp and ah respectively); otherwise adding the rule fails, for obvious reasons.

3.2. iplimit patch

This patch was written by Gerd Knorr <kraxel@bytesex.org> and adds a new match that limits the number of TCP connections from a particular host or network.

For example, to limit the number of HTTP connections from a single IP address to 4:

# iptables -A INPUT -p tcp --syn --dport http -m iplimit --iplimit-above 4 -j REJECT

# iptables --list
Chain INPUT (policy ACCEPT)
target   prot opt source    destination         
REJECT   tcp  --  anywhere  anywhere     tcp dpt:http flags:SYN,RST,ACK/SYN #conn/32 > 4 reject-with icmp-port-unreachable

Or, for example, if you want to limit the number of connections from a whole class A network:

# iptables -A INPUT -p tcp --syn --dport http -m iplimit --iplimit-mask 8 --iplimit-above 4 -j REJECT

# iptables --list
Chain INPUT (policy ACCEPT)
target   prot opt source    destination         
REJECT   tcp  --  anywhere  anywhere     tcp dpt:http flags:SYN,RST,ACK/SYN #conn/8 > 4 reject-with icmp-port-unreachable

The options supported by the iplimit patch are as follows:
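As an added illustration (not part of the HOWTO or of the iplimit module), the following Python models the "#conn/MASK > ABOVE" decision over a constructed connection table, so the difference between --iplimit-mask 32 and --iplimit-mask 8 can be seen. It assumes that the connection being opened is counted together with the existing ones.

```python
import ipaddress

# Constructed sample: TCP connections a connection tracker might currently
# hold, as (source address, destination port).  Four come from one host.
CONNTRACK = [
    ("10.1.2.3", 80), ("10.1.2.3", 80), ("10.1.2.3", 80), ("10.1.2.3", 80),
    ("10.77.0.9", 80),
    ("192.168.5.5", 80),
]


def masked_prefix(addr, mask):
    """Apply --iplimit-mask: keep only the top `mask` bits of the address."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def conn_count(conntrack, new_src, mask, dport=80):
    """Connections to dport whose source falls in new_src's masked prefix.

    Assumption: the SYN being evaluated is counted as well, which is how the
    listing "#conn/32 > 4" rejects the fifth connection, not the sixth.
    """
    prefix = masked_prefix(new_src, mask)
    existing = sum(1 for src, port in conntrack
                   if port == dport and ipaddress.ip_address(src) in prefix)
    return existing + 1


def iplimit_rejects(conntrack, new_src, above, mask=32):
    """True when '-m iplimit --iplimit-mask MASK --iplimit-above ABOVE' matches,
    i.e. when the REJECT rule from the page would fire for this new SYN."""
    return conn_count(conntrack, new_src, mask) > above


if __name__ == "__main__":
    # Per-host limit: the fifth connection from 10.1.2.3 is rejected.
    print("10.1.2.3  /32:", iplimit_rejects(CONNTRACK, "10.1.2.3", 4))
    # A different host in the same class A is fine with /32 ...
    print("10.77.0.9 /32:", iplimit_rejects(CONNTRACK, "10.77.0.9", 4))
    # ... but with --iplimit-mask 8 the whole 10/8 shares the budget of 4.
    print("10.77.0.9 /8: ", iplimit_rejects(CONNTRACK, "10.77.0.9", 4, mask=8))
```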

3.3. ipv4options patch

This patch was written by Fabrice MARIE <fabrice@celestix.com> and adds a new match that matches packets on the IP options they have set.

For example, to drop all packets that have the record-route or timestamp IP option set, configure the following:

# iptables -A INPUT -m ipv4options --rr -j DROP
# iptables -A INPUT -m ipv4options --ts -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            IPV4OPTS RR
DROP       all  --  anywhere             anywhere            IPV4OPTS TS

The options supported by the ipv4options match are as follows:

3.4. length patch

This patch was written by James Morris <jmorris@intercode.com.au> and adds a new match that matches packets based on their length.

For example, to drop all ping packets whose size is larger than 85 bytes, do the following:

# iptables -A INPUT -p icmp --icmp-type echo-request -m length --length 85:0xffff -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       icmp --  anywhere             anywhere           icmp echo-request length 85:65535

The additional options for the length match are as follows:

A value omitted from the range is implied: the implied minimum is 0 and the implied maximum is 65535.

3.5. mport patch

This patch was written by Andreas Ferber <af@devcon.net> and adds a new match that lets you specify ports for TCP and UDP connections as a combination of single ports and port ranges.

¿¹¸¦ µé¾î, ÇÑ ¶óÀο¡¼­ ftp, ssh, telnet, http¸¦ ¸·±â¸¦ ¿øÇÑ´Ù¸é, ´ÙÀ½°ú °°ÀÌ ÇÒ ¼ö ÀÖ´Ù :

# iptables -A INPUT -p tcp -m mport --ports 20:23,80 -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere           mport ports ftp-data:telnet,http

The additional options for the mport match are as follows:

3.6. nth patch

This patch was written by Fabrice MARIE <fabrice@celestix.com> and adds a new match that matches every Nth packet received by the rule.

For example, if you want to drop every second ping packet, you can do the following:

# iptables -A INPUT -p icmp --icmp-type echo-request -m nth --every 2 -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       icmp --  anywhere             anywhere           icmp echo-request every 2th

This patch was extended by Richard Wagner <rwagner@cloudnet.com>, which makes it possible to build an easy and fast way of load balancing inbound and outbound connections.

For example, if you want to load-balance across the three addresses 10.0.0.5, 10.0.0.6 and 10.0.0.7, you can do the following:

# iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 0 -j SNAT --to-source 10.0.0.5
# iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 1 -j SNAT --to-source 10.0.0.6
# iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 2 -j SNAT --to-source 10.0.0.7

# iptables -t nat --list
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  anywhere             anywhere           every 3th packet #0 to:10.0.0.5 
SNAT       all  --  anywhere             anywhere           every 3th packet #1 to:10.0.0.6 
SNAT       all  --  anywhere             anywhere           every 3th packet #2 to:10.0.0.7

The options supported by the nth match are as follows:
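To make the round-robin behaviour of the three SNAT rules concrete, here is a small Python model of the nth counters (an added example, not code from the HOWTO or from the nth module). It assumes that a --packet rule advances the shared counter only when it matches, which is what lets the three rules on --counter 7 take turns, and it generalises the page's example to any number of addresses.

```python
class NthCounter:
    """One of the shared nth counters, selected with --counter N."""

    def __init__(self):
        self.number = 0


class NthRule:
    """Models '-m nth --counter C --every N [--packet P] -j TARGET'."""

    def __init__(self, counter, every, target, packet=None):
        self.counter = counter  # shared NthCounter chosen by --counter
        self.every = every
        self.packet = packet    # None: plain "every N-th packet" mode
        self.target = target

    def match(self):
        st = self.counter
        if self.packet is None:
            # Plain mode: count packets and match on every N-th one.
            st.number += 1
            if st.number == self.every:
                st.number = 0
                return True
            return False
        # Packet mode: match only on this rule's turn, then pass the turn on
        # (assumption: the shared counter advances only when a rule matches).
        if st.number != self.packet:
            return False
        st.number = (st.number + 1) % self.every
        return True


def run_chain(rules, npackets):
    """Send npackets through the chain; return the target taken for each."""
    results = []
    for _ in range(npackets):
        taken = None
        for rule in rules:
            if rule.match():
                taken = rule.target  # first match terminates, as SNAT/DROP do
                break
        results.append(taken)
    return results


def snat_balance(addresses, npackets):
    """The POSTROUTING example above, generalised to any list of addresses."""
    shared = NthCounter()  # all rules name the same --counter
    rules = [NthRule(shared, len(addresses), a, packet=i)
             for i, a in enumerate(addresses)]
    return run_chain(rules, npackets)
```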

3.7. pkttype patch

This patch was written by Michal Ludvig <michal@logix.cz> and adds a new match that matches packets based on their type (host, broadcast or multicast).

For example, if you want to silently drop all broadcast packets:

# iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere           PKTTYPE = broadcast

The options supported by the pkttype match are as follows:

3.8. pool patch

This patch was written by Patrick Schaaf <bof@bof.de> and is currently being rewritten by Joakim Axelsson and Patrick, so this section will change soon.

3.9. psd patch

This patch was written by Dennis Koslowski <dkoslowski@astaro.de> and adds a new match for detecting port scans.

In its simplest form, the psd match can be used as follows:

# iptables -A INPUT -m psd -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target  prot opt source    destination         
DROP    all  --  anywhere  anywhere    psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1

The options provided by the psd match are as follows:

3.10. random patch

This patch was written by Fabrice MARIE <fabrice@celestix.com> and adds a new match that matches packets at random, according to a given probability.

For example, if you want to randomly drop 50% of ping packets, you can do the following:

# iptables -A INPUT -p icmp --icmp-type echo-request -m random --average 50 -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source       destination         
DROP       icmp --  anywhere     anywhere        icmp echo-request  random 50%

The options supported by the random patch are as follows:

3.11. realm patch

This patch was written by Sampsa Ranta <sampsa@netsonic.fi> and adds a new match that uses the routing realm key as a matching criterion, similar to the key that appears in packet classifiers.

For example, to log all outgoing packets for realm 10, you can do the following:

# iptables -A OUTPUT -m realm --realm 10 -j LOG

# iptables --list
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           REALM match 0xa LOG level warning

The options supported by the realm match are as follows:

3.12. record-rpc patch

This patch was written by Marcelo Barbosa Lima <marcelo.lima@dcc.unicamp.br> and adds a new match that, to allow effective RPC filtering, matches packets whose source has previously requested a port through the portmapper, or that are new GET requests to the portmapper.

To match on the RPC connection-tracking information, you can simply do the following:

# iptables -A INPUT -m record_rpc -j ACCEPT

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination 
ACCEPT     all  --  anywhere             anywhere

The record_rpc match takes no options.

Do not worry that no match information is shown: this is simply because the print() function for this match is empty.

/* Prints out the union ipt_matchinfo. Intentionally empty: the record_rpc
 * match has no options, so there is nothing to show in "iptables --list". */
static void
print(const struct ipt_ip *ip,
	const struct ipt_entry_match *match,
	int numeric)
{
}

3.13. string patch

This patch was written by Emmanuel Roger <winfield@freegates.be> and adds a new match that matches a string in the packet.

For example, to match packets containing the string ``cmd.exe'' and queue them to a userland IDS, you can do the following:

# iptables -A INPUT -m string --string 'cmd.exe' -j QUEUE

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
QUEUE      all  --  anywhere             anywhere           STRING match cmd.exe

This match must be used with care. Many people want to use it with the DROP target to stop worms; that is a serious mistake, because certain IDS evasion techniques defeat it.

In a similar vein, many people have wanted to use this match to stop particular HTTP functions such as POST or GET by dropping HTTP packets containing the string POST. Understand that a filtering proxy is the better tool for this job; in addition, any HTML content that merely contains the word POST would be dropped by the previous configuration. This match was designed to allow queuing interesting packets to userspace for better analysis, and that is all. Dropping packets this way can be defeated by certain IDS evasion techniques.
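The following Python, added here and not part of the HOWTO, shows both failure modes above on constructed segments: a string that straddles a TCP segment boundary, which a per-packet match cannot see, and a harmless page mentioning POST that the DROP rule would discard, while a reassembling userland analyser (the intended consumer of QUEUE) judges the whole stream.

```python
NEEDLE = b"cmd.exe"


def per_packet_match(segments, needle):
    """What '-m string' sees: one packet at a time, no memory between packets.

    Returns the indices of the segments that contain the needle on their own.
    """
    return [i for i, seg in enumerate(segments) if needle in seg]


def stream_match(segments, needle):
    """What a userland analyser fed through QUEUE can do: reassemble the
    in-order payload of the connection before looking for the string."""
    return needle in b"".join(segments)


# Constructed sample: one HTTP request that arrived in two TCP segments, with
# the segment boundary falling inside the interesting string.
SPLIT_REQUEST = [
    b"GET /tmp/cm",
    b"d.exe HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
]

# Constructed sample: a harmless HTML page that merely talks about POST.
HTML_PAGE = [b"<p>Use the POST method to submit this form.</p>"]


if __name__ == "__main__":
    # The per-packet match misses the split string ...
    print("per-packet cmd.exe:", per_packet_match(SPLIT_REQUEST, NEEDLE))
    # ... the reassembled stream still contains it ...
    print("stream cmd.exe:    ", stream_match(SPLIT_REQUEST, NEEDLE))
    # ... and a DROP on "POST" would discard this ordinary page.
    print("per-packet POST:   ", per_packet_match(HTML_PAGE, b"POST"))
```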

The options supported by the string match are as follows:

3.14. time patch

This patch was written by Fabrice MARIE <fabrice@celestix.com> and adds a new match that matches packets based on their arrival or departure (for locally generated packets) time.

For example, to accept packets arriving between 8:00 and 18:00 from Monday to Friday, you can do the following:

# iptables -A INPUT -m time --timestart 8:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT

# iptables --list 
Chain INPUT (policy ACCEPT)
target     prot opt source           destination
ACCEPT     all  --  anywhere         anywhere        TIME from 8:0 to 18:0 on Mon,Tue,Wed,Thu,Fri

The options supported by the time match are as follows:

3.15. ttl patch

This patch was written by Harald Welte <laforge@gnumonks.org> and adds a new match that matches packets based on their TTL.

For example, to log packets whose TTL is less than 5, you can do the following:

# iptables -A INPUT -m ttl --ttl-lt 5 -j LOG

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           TTL match TTL < 5 LOG level warning

The options supported by the ttl match are as follows.