#!/bin/bash
#Copyright 2004 William Stearns <wstearns@pobox.com>
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/

#==== Iptables modules required ==== connbytes length state u32
#==== Brick specific help ====
#	The mapssh module uses some very tight checks to identify the SSH
#protocol string found at the beginning of a connection.  Because it
#strictly limits how many packets it inspects, it _should_ not produce
#high load on the system, even when inspecting every tcp connection. 
#There is a small chance of false positives and/or false negatives.

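# Every rule is installed through sudo; keeping the prefix in one helper
# avoids repeating it on each line.  Failures are deliberately not fatal
# (the generated script never exited on error), so note that a pre-existing
# "mapssh" chain makes -N fail and the -A lines below then append a second
# copy of each rule.
ipt() {
  /usr/bin/sudo /sbin/iptables "$@"
}

# u32 expression that matches the SSH protocol identification string:
#   0>>22&0x3C@   skip the IPv4 header (IHL field scaled to bytes)
#   12>>26&0x3C@  skip the TCP header (data-offset field scaled to bytes)
#   0=0x5353482D  first four payload bytes are "SSH-"
# It must be passed as ONE quoted word: unquoted, ">>22" is a shell
# redirection of fd 0 and "&" backgrounds the command, so the expression
# never reached iptables intact.
readonly ssh_banner_u32='0>>22&0x3C@ 12>>26&0x3C@ 0=0x5353482D'

# Pre-filter applied in each built-in chain before jumping to mapssh:
# tcp, not a fragment, only the first 0:255 (connbytes) of an ESTABLISHED
# connection, and a packet length that fits a banner line.  Newer iptables
# expect --connbytes-dir and --connbytes-mode next to --connbytes — TODO
# confirm against the iptables version actually deployed.
readonly -a ssh_prefilter=(
  -p tcp ! -f
  -m connbytes --connbytes 0:255
  -m state --state ESTABLISHED
  -m length --length 46:375
)

ipt -N mapssh
# No -j target here: a matching packet is only counted in the chain's
# byte/packet counters, which is all the generated brick asks for.
ipt -A mapssh -m u32 --u32 "$ssh_banner_u32"
# "-i ! lo" is the older intrapositioned negation; newer iptables releases
# want "! -i lo" — keep whichever form the target iptables accepts.
ipt -A INPUT -i ! lo "${ssh_prefilter[@]}" -j mapssh
ipt -A FORWARD "${ssh_prefilter[@]}" -j mapssh
ipt -A OUTPUT "${ssh_prefilter[@]}" -j mapssh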