Fix the OpenSSL Heartbleed vulnerability without upgrading


In some environments, upgrading all OpenSSL packages may not be easy. In that case, iptables offers a workaround.

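# Log: the u32 match reads the 4 bytes at offset 52 of the IP packet, which is the
# start of the TCP payload when the IP header is 20 bytes and the TCP header is 32 bytes.
# 0x18 is the TLS heartbeat content type and 0x03 the major version; the last two bytes may be anything.
iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 "52=0x18030000:0x1803FFFF" -j LOG --log-prefix "BLOCKED: HEARTBLEED"
# Block: same match, placed after the LOG rule so the packet is logged before it is dropped
iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 "52=0x18030000:0x1803FFFF" -j DROP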
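
To check what the rule above actually covers, the following added example (not part of the original post) models the u32 test in Python and runs it over constructed packets. It compares the fixed offset 52 with an offset computed from the IP and TCP header lengths, using the idiom from the iptables u32 documentation. The packet builder, sample records and function names are assumptions made for illustration.

```python
import struct

LO, HI = 0x18030000, 0x1803FFFF  # range from the page's rule: type 0x18, major version 0x03

def ipv4_tcp(payload, tcp_opts=b""):
    """Constructed IPv4+TCP packet; only the fields the u32 tests read are set."""
    ip = bytes([0x45]) + bytes(19)                      # version 4, IHL 5 (20 bytes)
    doff = (20 + len(tcp_opts)) // 4                    # TCP data offset in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, doff << 4, 0x18, 0, 0, 0)
    return ip + tcp + tcp_opts + payload

def u32(pkt, off):
    """Big-endian 32-bit word at off, or None when it runs past the packet."""
    return struct.unpack_from("!I", pkt, off)[0] if off + 4 <= len(pkt) else None

def in_range(v):
    return v is not None and LO <= v <= HI

def fixed_rule(pkt):
    """The page's test, "52=0x18030000:0x1803FFFF": always reads offset 52."""
    return in_range(u32(pkt, 52))

def header_aware_rule(pkt):
    """Same range, offset computed from the headers, as in the u32 idiom
    "0>>22&0x3C@ 12>>26&0x3C@ 0=0x18030000:0x1803FFFF"."""
    first = u32(pkt, 0)
    if first is None:
        return False
    ip_len = (first >> 22) & 0x3C                       # IHL * 4
    word = u32(pkt, ip_len + 12)
    if word is None:
        return False
    return in_range(u32(pkt, ip_len + ((word >> 26) & 0x3C)))  # + data offset * 4

# Constructed samples: 5-byte TLS record headers followed by zero bytes.
TIMESTAMPS = bytes.fromhex("0101080a") + bytes(8)      # NOP, NOP, timestamp: 12 bytes
HEARTBEAT = bytes.fromhex("1803020014") + bytes(20)    # type 0x18, TLS 1.1, length 20
HANDSHAKE = bytes.fromhex("1603010014") + bytes(20)    # type 0x16, not a heartbeat

def coverage():
    cases = {
        "heartbeat, 32-byte TCP header": ipv4_tcp(HEARTBEAT, TIMESTAMPS),
        "heartbeat, 20-byte TCP header": ipv4_tcp(HEARTBEAT),
        "handshake, 32-byte TCP header": ipv4_tcp(HANDSHAKE, TIMESTAMPS),
    }
    return {name: (fixed_rule(p), header_aware_rule(p)) for name, p in cases.items()}

if __name__ == "__main__":
    for name, (fixed, aware) in coverage().items():
        print(f"{name}: fixed={fixed} header_aware={aware}")
```

Both forms match every heartbeat record, not only malformed ones, so legitimate TLS heartbeats on port 443 are dropped as well.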
