
Re: Iptables rules with module string give strange counter results



On Fri, Nov 16, 2012 at 04:09:56PM +0300, Vladimir Budnev wrote:
> 2012/11/16 Stephan Balmer <sb@cis.ch>:
> >> OS: debian testing, kernel 3.2.0-3-686-pae
> >>
> >> iptables -t filter -A OUTPUT --protocol tcp --dport 80 --match string
> >> --algo bm --from 0 --to 1500 --string "/index.php" --jump LOG
> >> --log-prefix "matched :"
> >
> > Works for me on Debian stock kernel 3.2.0-3-amd64.
> >
> 
> Tnx for test.
> You mean you get correct counters with 2 matches for both packets?

I only tested the part that didn't work for you:

  iptables -t filter -A OUTPUT --protocol tcp --dport 80 --match string --algo bm --from 0 --to 1500 --string /index.php --jump LOG
  echo -n "GET /index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc 89.16.167.134 80


> Can you list your iptables version ?
> 

iptables v1.4.14
It shouldn't make a difference.

