Re: ipt_string problems and FAQ

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Sven Riedel <sr@gimp.org>
To: netfilter@lists.netfilter.org
Subject: Re: ipt_string problems and FAQ
Date: Wed, 3 Sep 2003 10:43:52 +0200	[thread overview]
Message-ID: <20030903084352.GB5028@localnet> (raw)
In-Reply-To: <Pine.LNX.4.51.0309011300560.32229@dns.toxicfilms.tv>

On Mon, Sep 01, 2003 at 01:03:48PM +0200, Maciej Soltysiak wrote:
> Hi,
> > ask where this FAQ entry is...
> http://www.netfilter.org/documentation/FAQ/netfilter-faq-3.html#ss3.14

Ok, slightly off topic to this thread, but I still need to know from
that faq entry:
QUOTE
Please do not use the string match from patch-o-matic instead of
application proxy filtering. It would be defeated anytime by fragmented
packets (i.e. an HTTP request split on two TCP packets), 
ENDQUOTE

I thought iptables collects all fragments and reassembles the packet
before applying any rules? Or am I dead wrong here? 

Regs,
Sven
-- 
Sven Riedel                      sr@gimp.org
Liebigstr. 38 
30163 Hannover                  "Python is merely Perl for those who
                                 prefer Pascal to C" (anon)

next prev parent reply	other threads:[~2003-09-03  8:43 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-08-27 17:19 ipt_string problems and FAQ Tabris
2003-09-01  1:41 ` cc
2003-09-01 11:03 ` Maciej Soltysiak
2003-09-01 12:21   ` Tabris
2003-09-04 18:28     ` Michael
2003-09-03  8:43   ` Sven Riedel [this message]
2003-09-03 13:16     ` Ralf Spenneberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030903084352.GB5028@localnet \
    --to=sr@gimp.org \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox