I know this would rather belong on the user list, but I'm not a subscriber of that list so I'll try to post it here. I need a package inspection tool for a very large firewall project. The ipt_string functionality no longer exists in the iptables implementation of the 2.6 kernel, so I need another tool which drops all packages or communication parts which contain dangerous contents. I've searched a lot of websites but I couldn't find anything which reliably implements such a function. Is there somebody who has experience in this field and can advise me? This functionality should be implemented on a Fedora 2 machine which stands in front of the application level firewalls to protect them from traffic which is not productive.
I'd strongly recommend asking on the netfilter list. Red Hat has a policy of only adopting kernel features that are part of the upstream core kernel, and doesn't include experimental stuff. So you'll probably need to get the Fedora kernel source RPM and make a custom build with the additional netfilter modules that you need.
I've quoted your whole question for those who might be able to answer once they realize you mean IP packets and not RPM packages. I notice a lot of people using "package" instead of "packet" and wonder if this mistranslation is coming from some particular source? How did you come to use the term "package"? Maybe we can go upstream and get the usage corrected. (Mind you, I'm a dumb provincial American so I only speak one language, and this isn't meant as an insult to those of you smart enough to take on English in addition to your native language.)