You could see if the module is there to load: insmod ipt_string -----Original Message----- From: Edmund [mailto:cc@xxxxxxxxxxxxx] Sent: Thursday, August 07, 2003 9:06 PM To: Netfilter Subject: -m string Hi, George Viera recently mentioned about using -m string to filter 'bad' packets. Is there supposed to be a pre-requisite to the following command? iptables -A INPUT -m string --string 'cmd.exe' -j DROP (actually, I'm attempting this:) iptables -A FORWARD -m string --string 'cmd.exe' -j DROP I get a "iptables: No Chain/target/match by that name" error. I sense that it's complaining about '-m string'. I applied the string.patch and recompiled the kernel already. (btw, I'm using Slackware w/ 2.4.21 kernel). Btw, how do I tell if the kernel contains the said patch? Any help appreciated I realize this will slow the system down a bit, but at this point I'm just testing out the option.
