(the old) firewall manual says:
content (string; Default: ) Match packets that contain specified text
So it really only matches packets which contain the set string in full. Not even a connection, but only a packet. So basically this may match one of the initial packets where the client includes the server name in SNI ... that one was not encrypted up to TLSv1.2; in TLSv1.3 it's encrypted, so this rule won't be able to block such connection attempts any more. Another possibility for not matching is if this string somehow gets split into two packets (e.g. because of low MTU).
So in essence, this matching property may or may not work as desired.
Statistics: Posted by mkx — Thu Feb 01, 2024 8:11 am
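The per-packet behaviour described in the post, as an added example that is not part of the post and not MikroTik code: the script below builds a constructed, minimal TLS 1.2 ClientHello carrying an SNI extension, applies a plain substring match the way a per-packet "content" matcher would, and then splits the same record into two TCP segments (a stand-in for a low MTU) to show that neither segment matches on its own while a reassembled stream still does. The hostname, segment size and cipher suite are arbitrary assumptions chosen so the name straddles the segment boundary.

```python
"""Per-packet vs. reassembled substring matching of a hostname in a TLS ClientHello.

Added example (not from the forum post and not MikroTik code). The ClientHello
is constructed sample data: syntactically valid, but deliberately minimal.
"""
import struct
from typing import Dict, List, Optional


def build_client_hello(hostname: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record with a server_name extension.

    Constructed sample: zeroed random, no session id, one cipher suite.
    """
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type=host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list   # ext type 0 = server_name
    extensions = struct.pack("!H", len(ext)) + ext
    body = (
        b"\x03\x03"             # client_version: TLS 1.2
        + b"\x00" * 32          # random (zeroed in this sample)
        + b"\x00"               # session_id length 0
        + b"\x00\x02\xc0\x2f"   # cipher_suites: one suite (assumed: ECDHE-RSA-AES128-GCM-SHA256)
        + b"\x01\x00"           # compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type=1 ClientHello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def segment(payload: bytes, mss: int) -> List[bytes]:
    """Split a stream into TCP segments of at most `mss` bytes (models a low MTU)."""
    return [payload[i:i + mss] for i in range(0, len(payload), mss)]


def content_match_per_packet(segments: List[bytes], needle: bytes) -> List[bool]:
    """What a per-packet substring matcher sees: each segment judged on its own."""
    return [needle in s for s in segments]


def content_match_reassembled(segments: List[bytes], needle: bytes) -> bool:
    """What a stream-aware matcher would see after TCP reassembly."""
    return needle in b"".join(segments)


def extract_sni(record: bytes) -> Optional[str]:
    """Parse a single-record ClientHello and return its host_name SNI entry, if any."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                                            # skip version and random
    pos += 1 + body[pos]                                    # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")     # cipher_suites
    pos += 1 + body[pos]                                    # compression_methods
    if pos + 2 > len(body):
        return None
    ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != 0x0000:
            continue
        p = 2                                               # skip server_name list length
        while p + 3 <= len(data):
            name_type = data[p]
            name_len = int.from_bytes(data[p + 1:p + 3], "big")
            if name_type == 0:
                return data[p + 3:p + 3 + name_len].decode("ascii", errors="replace")
            p += 3 + name_len
    return None


def demo(hostname: str = "blocked.example", mss: int = 64) -> Dict[str, object]:
    """Compare a whole-record match with per-segment and reassembled matches."""
    record = build_client_hello(hostname)
    needle = hostname.encode("ascii")
    split = segment(record, mss)
    return {
        "sni": extract_sni(record),
        "single_packet": content_match_per_packet([record], needle),
        "split_per_packet": content_match_per_packet(split, needle),
        "split_reassembled": content_match_reassembled(split, needle),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the defaults, the 76-byte record places the hostname at bytes 61 to 75, so a 64-byte segment size cuts it in two: the per-packet check reports `[False, False]` while the reassembled check reports `True`, which is exactly the "split into two packets" miss the post warns about.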