Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
TARG# iptables -t dpxvke8h18 -L PREROUTING
Chain PREROUTING (policy DROP)
target prot opt source destination
DNAT tcp -- 1.1.1.1 2.2.2.2 tcp dpt:dsp
to:4.4.4.4:55
(S//NF) Rules can be removed using the “iptables -D” command:
TARG# iptables -t dpxvke8h18 -D PREROUTING 1
(S//NF) The above command removes the first rule in the PREROUTING chain.
4.3 (U) Removal
(S//NF) First, flush any remaining rules in the “dpxvke8h18” table:
TARG# iptables -t dpxvke8h18 -F
(S//NF) Then, remove the “nf_table” module using “rmmod”:
TARG# rmmod nf_table
(S//NF) NOTE: The “nf_table” name is internal to the module, and is unaffected by the
name of the .ko file that was loaded. If the module was named “foo.ko” on target, and
“insmod foo.ko” was used to load the module, “rmmod nf_table” should still be used to
unload the module.
(S//NF) To confirm that the module is no longer loaded and the table has been removed,
use “lsmod” and “iptables”:
TARG# lsmod
TARG# iptables -t dpxvke8h18 -L -nv
(S//NF) There should be no mention of “nf_table” in the output of the “lsmod” command,
and the “iptables” command should display an error message.
5
SECRET//NOFORN

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh