On 2023-05-31, at 11:05:14 +0300, ValdikSS wrote:
> Since at least kernel 5.3.x (2019) and up to current 6.2.15, iptables -m
> string --algo bm does not work when added to the OUTPUT chain.
>
> Quick reproducer (algo bm, does not work properly):
>
> # iptables -I OUTPUT -p tcp -m string --algo bm --string 'GET /' -j DROP
>
> $ curl -s example.com | head -n3
>
>
>
> ^^^^ curl executes successfully
>
> This works (algo kmp, works properly):
>
> # iptables -I OUTPUT -p tcp -m string --algo kmp --string 'GET /' -j DROP
>
> $ curl -s example.com | head -n
>
>
>
> ^^^^ curl does not execute successfully

I've reproduced this. I'll have a crack at fixing it.

> See:
> https://bugzilla.netfilter.org/show_bug.cgi?id=1390

J.