From: "Jin Gu, Kim"
Subject: string match?
Date: Fri, 07 Nov 2003 16:37:19 +0900
Message-ID: <3FAB4BAF.8000107@postech.ac.kr>
To: netfilter mailing lists

Dear all.

How can I check if iptables string match support is enabled?
I applied patch-o-matic in order to use string match support and recompiled the kernel to support it. (iptables v1.2.8)

When done, I tried this:

--> host_1# iptables -m string -h

which produced the related help text:

STRING match v1.2.9rc1 options:
--string [!] string           Match a string in a packet
--hex-string [!] string       Match a hex string in a packet
host_1#

Does it mean that the support can be used?
If yes, when I tried this code, there was no message. What's wrong?

--> host_1# iptables -A FORWARD -m string --string "test" -j LOG --log-prefix "TEST: "
--> host_1# iptables -A FORWARD -m string --string "test" -j DROP

Then I started a netcat server by:

--> host_1# nc -l -p 3456

I connected to this via:

--> host_2# telnet host_1 3456

and typed:

--> test
--> test

I think this should yield some log or footprint. But I can't see any messages related to this.
Furthermore, when I checked "iptables -L -v", there were no records about it.

--> host_1# iptables -L -v
................
Chain FORWARD (policy DROP 248 packets, 22560 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere           STRING match test LOG level info prefix `TEST: '
    0     0 DROP       all  --  any    any     anywhere             anywhere           STRING match test
.....................

What would be wrong?