Might be handy for some of you: iptables mitigation (using u32 matching) for #heartbleed; logs then drops all TLS heartbeat handshakes.

# Log rules
iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 "52=0x18030000:0x1803FFFF" -j LOG --log-prefix "BLOCKED: HEARTBEAT"

# Block rules
iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 "52=0x18030000:0x1803FFFF" -j DROP

Source: http://www.securityfocus.com/archive/1/531779/30/0/threaded
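
Added example (not from the original post or the linked thread): a Python sketch of what the u32 expression above compares, run on constructed packets. Offset 52 is a 20-byte IPv4 header plus a 32-byte TCP header, so the sketch also includes a header-length-aware variant for checking rule coverage; all function names, addresses and sample bytes are assumptions made for illustration.

```python
import struct

LO, HI = 0x18030000, 0x1803FFFF  # range from the rule: record type 0x18, major version 0x03

def u32_at_52(packet: bytes) -> bool:
    """Mimic --u32 "52=0x18030000:0x1803FFFF": 4 bytes at fixed offset 52 from the IP header."""
    if len(packet) < 56:
        return False
    (value,) = struct.unpack_from("!I", packet, 52)
    return LO <= value <= HI

def header_aware(packet: bytes) -> bool:
    """Same comparison, but locate the TCP payload from IHL and the TCP data offset."""
    if len(packet) < 20:
        return False
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 20:
        return False
    doff = (packet[ihl + 12] >> 4) * 4
    start = ihl + doff
    if len(packet) < start + 4:
        return False
    (value,) = struct.unpack_from("!I", packet, start)
    return LO <= value <= HI

def build_packet(tcp_option_bytes: int, tls_record: bytes) -> bytes:
    """Constructed IPv4/TCP segment to port 443 (checksums left zero; not needed here)."""
    doff = (20 + tcp_option_bytes) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 1, doff << 4, 0x18, 65535, 0, 0)
    tcp += b"\x01" * tcp_option_bytes  # NOP padding standing in for real options
    total = 20 + len(tcp) + len(tls_record)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + tls_record

# Constructed TLS records; only the 5-byte record header matters, the body is zero filler.
HEARTBEAT = b"\x18\x03\x03\x00\x17" + bytes(23)  # content type 0x18 (heartbeat)
APPDATA = b"\x17\x03\x03\x00\x10" + bytes(16)    # content type 0x17 (application data)

if __name__ == "__main__":
    for opts, rec in [(12, HEARTBEAT), (12, APPDATA), (0, HEARTBEAT)]:
        pkt = build_packet(opts, rec)
        print(f"tcp_hdr={20 + opts} type=0x{rec[0]:02x} "
              f"fixed52={u32_at_52(pkt)} header_aware={header_aware(pkt)}")
```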