KILLSTREAM

The KILLSTREAM command inspects network traffic for activity on the specified ports which matches a regular expression. The stream is then terminated via a TCP FIN injection.

Options

The KILLSTREAM command expects several options:

KILLSTREAM [interface] [direction] [expression] [port] ... [portN]

Interface

KILLSTREAM requires a network interface. Typically on the Packet Squirrel this is br-lan, the virtual interface which connects the Ethernet ports.

Direction

KILLSTREAM requires a direction: It can match on CLIENT requests, SERVER responses, or packets in ANY direction.

Expression

KILLSTREAM matches on a basic .

This expression can be as simple as the text to match, such as "Authorization: Basic", or a complex match such as "[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{4}"to match four groups of four digits.

Ports

KILLSTREAM can match any number of ports.

Examples

The most basic use of the KILLSTREAM command is to prevent streams with specified content. For instance to kill any stream using HTTP Basic authentication, while allowing normal HTTP traffic:

#!/bin/bash 

# Title: Killstream example
#
# Description: Prevent HTTP Basic Authorization requests

# Set bridge mode
NETMODE BRIDGE

LED R SINGLE

# Wait for any basic-auth on port 80
KILLSTREAM br-lan ANY 'Authorization: Basic' 80