iptables
firexonix, 2015-05-01 19:23:26

How to drop DPI packets in iptables?

I am following the instructions in this post to drop packets from the Beeline DPI on the computer. I settled on this option:

sudo iptables -A INPUT -p tcp --sport 80 -m string --algo bm --string "http://blackhole.beeline.ru/?url" -j DROP

The loading stub, of course, disappeared, but the response from the server, after a long load, still does not come. Here is the curl response header from the test site:
* Rebuilt URL to: http://grani.ru/
* Hostname was NOT found in DNS cache
*   Trying 50.57.205.156...
* Connected to grani.ru (50.57.205.156) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Host: grani.ru
> Accept: */*
> 
* Empty reply from server
* Connection #0 to host grani.ru left intact
(END)

What am I doing wrong?


2 answer(s)
Vlad Zhivotnev, 2015-05-05
@firexonix

The article is about Rostelecom, and you have Beeline. What instructions are you following?
At Beeline, all traffic to blocked IPs goes to filtering proxy servers, which answer you themselves. There are no "requests from the server" there (by the way, why the hell do you call the answer a request?) - your request does not go beyond the Beeline network.

ValdikSS, 2015-05-01
@ValdikSS

At Beeline, it seems, the DPI is not connected passively, so the real response from the server is not sent.
Look at the traffic yourself or upload a .pcap file somewhere when you try to access a blocked website.
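
Added example, not part of the original thread: one way to act on the advice to look at the traffic is to check, per flow, whether a block page and a genuine server reply share a TCP sequence number (passive injection) or whether the block page is the only reply (inline proxy, where the DROP rule from the question leaves nothing to receive). The packet records, addresses and the names `classify_flows` and `seg` are constructed for illustration; real records would come from a parsed .pcap.

```python
from collections import defaultdict

# String matched by the iptables rule in the question.
BLOCK_MARKER = b"blackhole.beeline.ru"

def classify_flows(packets, marker=BLOCK_MARKER):
    """Classify server-to-client TCP flows from already-parsed capture records.

    Each record is a dict with src, sport, dst, dport, seq and payload (bytes).
    """
    flows = defaultdict(list)
    for p in packets:
        if p["payload"]:  # skip bare ACK / SYN-ACK segments
            flows[(p["src"], p["sport"], p["dst"], p["dport"])].append(p)
    verdicts = {}
    for flow, segs in flows.items():
        forged = {s["seq"] for s in segs if marker in s["payload"]}
        genuine = {s["seq"] for s in segs if marker not in s["payload"]}
        if not forged:
            verdicts[flow] = "no-block-page"
        elif forged & genuine:
            # Two different payloads at one sequence number: the forged reply
            # raced the real one, so dropping it lets the real one through.
            verdicts[flow] = "passive-injection"
        else:
            # No competing reply at the forged sequence number: the request
            # was answered inside the ISP, so a DROP rule leaves nothing.
            verdicts[flow] = "inline-proxy"
    return verdicts

def seg(src, dport, seq, payload):
    """Build one constructed server-to-client record (client is 192.0.2.5)."""
    return {"src": src, "sport": 80, "dst": "192.0.2.5",
            "dport": dport, "seq": seq, "payload": payload}

# Constructed sample data, using documentation-range addresses.
REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: http://blackhole.beeline.ru/?url=x\r\n\r\n"
SAMPLE = [
    seg("198.51.100.7", 40000, 1001, REDIRECT),                      # forged
    seg("198.51.100.7", 40000, 1001, b"HTTP/1.1 200 OK\r\n\r\nhi"),  # real, same seq
    seg("203.0.113.9", 40002, 5001, b""),                            # bare ACK
    seg("203.0.113.9", 40002, 5001, REDIRECT),                       # only reply
]

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE).items():
        print(flow, verdict)
```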
