* string match?
@ 2003-11-07 7:37 Jin Gu, Kim
2003-11-07 8:16 ` Gerd Zemella
0 siblings, 1 reply; 2+ messages in thread
From: Jin Gu, Kim @ 2003-11-07 7:37 UTC (permalink / raw)
To: netfilter mailing lists
Dear all.
How can I check if iptables string match support is enabled?
I applied patch-o-matic in order to use string match support and
recompiled kernel to support it.
(iptables v1.2.8)
When done, I tried this
--> host_1# iptables -m string -h
,which produced the related help file :
STRING match v1.2.9rc1 options:
--string [!] string Match a string in a packet
--hex-string [!] string Match a hex string in a packet
host_1#
Does it mean that the support can be used?
If yes, when I tried this code, there was no message. What's wrong?
<Run>
--> host_1# iptables -A FORWARD -m string --string "test" -j LOG
--log-prefix "TEST: "
--> host_1# iptables -A FORWARD -m string --string "test" -j DROP
Then I started a netcat server by :
--> host_1# nc -l -p 3456
I connected to this via :
--> host_2# telnet host_1 3456
and type
--> test
--> test
I think this should yield some log or footprint. But I can't see any
messages related to this.
Furthermore, when I check "iptables -L -v", there was no records about it.
-->host_1# iptables -L -v
................
Chain FORWARD (policy DROP 248 packets, 22560 bytes)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- any any anywhere
anywhere STRING match test LOG level info prefix `TEST: '
0 0 DROP all -- any any anywhere
anywhere STRING match test
.....................
What would be wrong?
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: string match?
2003-11-07 7:37 string match? Jin Gu, Kim
@ 2003-11-07 8:16 ` Gerd Zemella
0 siblings, 0 replies; 2+ messages in thread
From: Gerd Zemella @ 2003-11-07 8:16 UTC (permalink / raw)
To: netfilter mailing lists
Hi,
have you tried the rules in the INPUT chain?
You connect to a local process on host_1 so FORWARD chain will not be
used.
Greetings
Gerd
Am Fre, den 07.11.2003 schrieb Jin Gu, Kim um 08:37:
> Dear all.
>
> How can I check if iptables string match support is enabled?
>
> I applied patch-o-matic in order to use string match support and
> recompiled kernel to support it.
> (iptables v1.2.8)
>
> When done, I tried this
>
> --> host_1# iptables -m string -h
>
> ,which produced the related help file :
>
> STRING match v1.2.9rc1 options:
> --string [!] string Match a string in a packet
> --hex-string [!] string Match a hex string in a packet
> host_1#
>
> Does it mean that the support can be used?
>
> If yes, when I tried this code, there was no message. What's wrong?
>
> <Run>
>
> --> host_1# iptables -A FORWARD -m string --string "test" -j LOG
> --log-prefix "TEST: "
> --> host_1# iptables -A FORWARD -m string --string "test" -j DROP
>
> Then I started a netcat server by :
>
> --> host_1# nc -l -p 3456
>
> I connected to this via :
>
> --> host_2# telnet host_1 3456
>
> and type
>
> --> test
> --> test
>
>
>
> I think this should yield some log or footprint. But I can't see any
> messages related to this.
>
> Furthermore, when I check "iptables -L -v", there was no records about it.
>
> -->host_1# iptables -L -v
> ................
> Chain FORWARD (policy DROP 248 packets, 22560 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 LOG all -- any any anywhere
> anywhere STRING match test LOG level info prefix `TEST: '
> 0 0 DROP all -- any any anywhere
> anywhere STRING match test
> .....................
>
>
>
>
> What would be wrong?
>
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-11-07 8:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-11-07 7:37 string match? Jin Gu, Kim
2003-11-07 8:16 ` Gerd Zemella
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.