Posts Tagged OpenSSL

Fix the OpenSSL Heartbleed vulnerability without upgrade

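In some environments, upgrading all OpenSSL packages may not be easy. In that case iptables offers a workaround. The rules below log and drop packets to TCP port 443 whose four bytes at offset 52 fall in the range 0x18030000 to 0x1803FFFF, that is, a TLS record header with content type 0x18 (heartbeat) and major version 0x03. Offset 52 corresponds to a 20-byte IP header followed by a 32-byte TCP header, and the match is on the record type only, so legitimate heartbeat records are dropped as well.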

#Log
iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 "52=0x18030000:0x1803FFFF" -j LOG --log-prefix "BLOCKED: HEARTBLEED"
#Block
iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 "52=0x18030000:0x1803FFFF" -j DROP
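
To check which packets the fixed-offset test above actually covers, here is an added example (not part of the original post) that replays the same comparison in Python over constructed packets and compares it with a variant that locates the TCP payload from the header-length fields. All function names, addresses and sample records are assumptions made for this illustration.

```python
import struct

HEARTBEAT = 0x18   # TLS record content type 24 (heartbeat)
TLS_MAJOR = 0x03   # major version byte shared by SSL 3.0 and TLS 1.x

def build_packet(tcp_options_len, tls_bytes):
    """Constructed IPv4/TCP packet to port 443 (checksums zero, layout only)."""
    tcp_len = 20 + tcp_options_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len + len(tls_bytes),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0,
                      (tcp_len // 4) << 4, 0x18, 65535, 0, 0)
    return ip + tcp + b"\x01" * tcp_options_len + tls_bytes  # NOP options

def fixed_offset_match(pkt, offset=52, lo=0x18030000, hi=0x1803FFFF):
    """The page's test: the 32-bit word at byte 52 from the IP header is in range."""
    if len(pkt) < offset + 4:
        return False
    return lo <= struct.unpack_from("!I", pkt, offset)[0] <= hi

def header_aware_match(pkt):
    """Same two-byte test, but located via the IHL and TCP data-offset fields."""
    ihl = (pkt[0] & 0x0F) * 4
    start = ihl + (pkt[ihl + 12] >> 4) * 4
    return (len(pkt) >= start + 4 and pkt[start] == HEARTBEAT
            and pkt[start + 1] == TLS_MAJOR)

# Constructed TLS records: a well-formed heartbeat (empty payload, 16 bytes of
# padding) and an application-data record.
HEARTBEAT_RECORD = bytes([0x18, 0x03, 0x02, 0x00, 0x13, 0x01, 0x00, 0x00]) + bytes(16)
APPDATA_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x04]) + b"test"

def evaluate():
    """Return (case name, fixed-offset result, header-aware result) per case."""
    cases = [("heartbeat, 32-byte TCP header", 12, HEARTBEAT_RECORD),
             ("heartbeat, 20-byte TCP header", 0, HEARTBEAT_RECORD),
             ("app data, 32-byte TCP header", 12, APPDATA_RECORD)]
    return [(name, fixed_offset_match(build_packet(n, rec)),
             header_aware_match(build_packet(n, rec))) for name, n, rec in cases]

if __name__ == "__main__":
    for name, fixed, aware in evaluate():
        print(f"{name:32} fixed-offset={fixed!s:5} header-aware={aware}")
```

The second case shows why the rule is a stopgap rather than a fix: coverage depends on the TCP header length, so patching OpenSSL remains the actual remedy.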
