From: Pablo Neira <pablo@eurodev.net>
To: Jasbir Khehra <jasbir.k@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: iptables v1.3.4: STRING match: You must specify `--algo'
Date: Sat, 12 Nov 2005 13:03:47 +0100 [thread overview]
Message-ID: <4375DA23.4060202@eurodev.net> (raw)
In-Reply-To: <e053ca9d0511110554v2b8f187bh63526a9cf887dfbc@mail.gmail.com>
Jasbir Khehra wrote:
>
>
> On 11/8/05, *Pablo Neira* <pablo@eurodev.net <mailto:pablo@eurodev.net>>
> wrote:
>
> Jasbir Khehra wrote:
> > Hi,
> > while running this command
> > # iptables -t nat -I PREROUTING -p tcp -s 192.168.2.20
> <http://192.168.2.20> -m string
> > --hex-string '0d0a0d0a594d5347' -j REJECT
> >
> > Not able to get the different options for '--algo' parameter .
> > Kernel 2.6.14 iptables v1.3.4 thanks - Jasbir
>
> --algo [bm|kmp]
>
> bm: Boyer-Moore
> kmp: Knuth-Pratt-Morris
>
> Those are the algorithm implemented at the moment.
>
> BTW, you should do that in the raw table, not nat. Nobody should use the
> nat table for filtering purposes.
>
> --
> Pablo
>
>
>
>
> Thankz Pablo for the reply and the "string" module :) . I redifined my
> rule now and after some googling found the right syntax for using the
> "--hex-string"
> # iptables -t raw -A PREROUTING -s $source_ip -m string --algo bm
> --hex-string "|0d 0a 59 4d 53 47|" -j DROP
> Whats the initial position/counter for the "--from" parameter 0 or 1
> and does it start from the IP header ?
Yes, the IP header. Use --from 0 for the initial position.
--
Pablo
prev parent reply other threads:[~2005-11-12 12:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-07 12:38 iptables v1.3.4: STRING match: You must specify `--algo' Jasbir Khehra
2005-11-08 1:01 ` Pablo Neira
[not found] ` <e053ca9d0511110554v2b8f187bh63526a9cf887dfbc@mail.gmail.com>
2005-11-12 12:03 ` Pablo Neira [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4375DA23.4060202@eurodev.net \
--to=pablo@eurodev.net \
--cc=jasbir.k@gmail.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox