Mbtcp.unit_id==2 (wireshark filter)

Hi all, I'd like to add a port forwarding rules based on "wireshark rules".. in my case a Modbus TCP filter (like mbtcp.unit_id==2). Is there some way to do this on openWrt?

You can use any iptables parameter to filter via the firewall. In addition, you can search the packet for a binary/hex string.

BTW, to my understanding, this protocol uses 502/tcp.

See: https://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html#ss7.3

hi lleachii, thanks for feedback. I'm looking from iptables Modbus filtering but I didnt't found some native filter. Are they installed into OpenWrt? Modbus use port 502 but I need to filer based on Unit ID or other Modbus properties (such as register number,...). Not sure I can do it with "standard" iptable. I found this http://modbusfw.sourceforge.net/ but I dont know I can install into OpenWrt

You'd have to build/compile it.

Again, if you can search for this string in a packet, that'll work too.

no way to run a port forwarding based on MOdbus Unit ID. Someone have suggestion?