Re: string match fails to find anything/everything

On Sun, 18 Jul 2004, gypsy wrote:
> Problem:
> No matter what text is in $STRING, iptables fails to see the match.
>
> iptables -I INPUT -m string --string $STRING -j LOG

That rule will _only_ apply for packets going to the firewall itself.

>
> "iptables -nvL | grep STRING" has zeros in the counters.
>
> Example:
> Replace $STRING with "oreilly".  From a remote computer run "lynx
> http://myurl/oreilly" and variants until at least 30 pages have been
> displayed to be certain that at least one packet is not so fragmented
> that "oreilly" isn't there (see also Facts above).  On the "myurl"
> computer iptables counters are zero.

Try using that match in the FORWARD chain.

>
> QUESTION:
> How can I find out why the string match fails to find the intended
> text?  (Later on I may ask how to fix that...)
>
> gypsy
>
>
> --__--__--

-- 
Samuel Jean
SysAdmin & NetAdmin
at cookinglinux.org



