Re: Iptables rules with module string give strange counter results
2012/11/19 linbloke <linbloke@fastmail.fm>:
>
>
> Perhaps your log daemon is squashing duplicate entries?
>
To be honest i dont care much about log messages, I do care about rule
counters:) The thing that scares me is my missunderstanding of "what
is going on?"
But I found when counters get incremented. Bulmer test with nc hinted
me to play a bit with tcp packet payload.
First run:
echo -n "GET /index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc
89.16.167.134 80
gives no counters change. I get the page, but counters still unchanged. Okey...
Doing request like:
echo -n "GET BUBA-BUBA /index.php HTTP/1.1\r\nHost:
www.gentoo.org\r\n\r\n" | nc 89.16.167.134 80
I get "400 Bad request" and counters still unchaged. Okey....
!!! BUT !!!!
if I do something like
echo -n "GET BUBA-BUBA-BUBA-BUBAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
/index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n| nc 89.16.167.134
80
I get the same "400 Bad request", BUT now counters got incremented.
Seems like module start matching from the wrong position thus even
--from 0 (ommiting --from 0 for default does not change result) simply
does not work.
Ehm...
Reply to: