
Re: Iptables rules with module string give strange counter results

2012/11/19 linbloke <linbloke@fastmail.fm>:
> Perhaps your log daemon is squashing duplicate entries?
To be honest I don't care much about log messages, I do care about rule
counters :) The thing that scares me is my misunderstanding of "what
is going on?"

But I found out when the counters get incremented. Bulmer's test with nc hinted
that I should play a bit with the TCP packet payload.

First run:
echo -n "GET /index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc 80

gives no counter change. I get the page, but the counters are still unchanged. Okay...

Doing a request like:
echo -n "GET BUBA-BUBA /index.php HTTP/1.1\r\nHost:
www.gentoo.org\r\n\r\n" | nc 80

I get "400 Bad request" and the counters are still unchanged. Okay....

!!! BUT !!!!
if I do something like
echo -n "GET BUBA-BUBA-BUBA-BUBAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
/index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc

I get the same "400 Bad request", BUT now the counters get incremented.

Seems like the module starts matching from the wrong position, thus even
--from 0 (omitting --from 0 to use the default does not change the result) simply
does not work.
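As an added example (not part of this thread or of iptables itself), a small Python helper for the measurement done above: it parses the rule's packet and byte counters from `iptables -vnxL` output before and after each probe and returns the delta, so the effect of payload length on the string match can be compared directly instead of being inferred from log lines. The OUTPUT chain, the `STRING` marker used to pick the rule, and the sample listing are assumptions constructed for the example.

```python
import re
import socket
import subprocess

# One rule line of `iptables -vnxL`: exact pkts, exact bytes, then the rest.
# Header lines ("Chain ...", "pkts bytes target ...") never match because
# they do not begin with two integers.
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(.*)$")

# Constructed sample listing (not real output from the thread) used by the
# offline self-test; the STRING rule is the one to watch.
SAMPLE_LISTING = """\
Chain OUTPUT (policy ACCEPT 1234 packets, 567890 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      17       2890 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 STRING match  "GET" ALGO name bm TO 65535
       3        180 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
"""

def parse_counters(listing, marker):
    """Return (pkts, bytes) of the first rule whose match text contains `marker`."""
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m and marker in m.group(3):
            return int(m.group(1)), int(m.group(2))
    raise LookupError("no rule containing %r" % marker)

def read_counters(chain, marker, table="filter"):
    """Run iptables (needs root) and parse the live counters of one rule."""
    out = subprocess.run(["iptables", "-t", table, "-vnxL", chain],
                         check=True, capture_output=True, text=True).stdout
    return parse_counters(out, marker)

def probe(host, port, payload, chain="OUTPUT", marker="STRING"):
    """Send one payload, wait for the reply, return the rule's (pkts, bytes) delta."""
    before = read_counters(chain, marker)
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(payload)
        s.recv(4096)  # the reply proves the request has fully left this host
    after = read_counters(chain, marker)
    return after[0] - before[0], after[1] - before[1]

if __name__ == "__main__":
    # Same probe as above, with the extra length put in a harmless header so
    # the server still answers 200 and only the payload size varies.
    host = "www.gentoo.org"
    for pad in (0, 10, 80):
        req = (b"GET /index.php HTTP/1.1\r\nHost: " + host.encode() +
               b"\r\nX-Pad: " + b"a" * pad + b"\r\n\r\n")
        print(pad, "bytes of padding ->", probe(host, 80, req))
```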
