Hi,

K. Jay Rogozinsky wrote:
> I am hoping contacting you directly is not inappropriate.

No problem. I've cc'ed the reply to netfilter-devel for the record. It
could be useful for others.

> As I understand, iptables 1.3.4 *can* use the kernel string matching
> available starting in kernel 2.6.14.
>
> However, we are using kernel 2.4.31 (which iptables 1.3.4 doc says is OK).

So, I updated the manpage. Attached a patch that applies to netfilter SVN.

> However, according to our "compile guy" (Thomas):
>
> "iptables 1.3.4 does not compile when I have strings matching. That is, the
> string match patch does something that makes iptables 1.3.4 not compile."

iptables doesn't compile the string match if it's not present in the
current kernel, e.g. if you compile iptables against a linux kernel <=
2.6.14, the string match won't be compiled.

> So, given that we continue to use kernel 2.4.31, is there any applicable
> patch or approach; We would like to use our kernel (2.4.31) with iptables
> 1.3.4 and still have string matching.

There's no backport available. The only existing way to add support for
string matching is upgrading your kernel at the moment.

--
Pablo