Hi!

I have inherited a system using the following in order to prevent SIPVicious attacks:

iptables -I INPUT -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm -j DROP
iptables -I INPUT -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm -j DROP

Now that we are migrating to firewalld, I am not quite sure how to translate this into the firewalld semantics.

Do I have to use a rich rule with "protocol value="?

Any idea?

Thanks,

Benjamin Lefoul
nWISE AB