How can I check if iptables string match support is enabled?
I applied patch-o-matic in order to use string match support and recompiled kernel to support it.
(iptables v1.2.8)
When done, I tried this
--> host_1# iptables -m string -h
,which produced the related help file :
STRING match v1.2.9rc1 options: --string [!] string Match a string in a packet --hex-string [!] string Match a hex string in a packet host_1#
Does it mean that the support can be used?
If yes, when I tried this code, there was no message. What's wrong?
<Run>
--> host_1# iptables -A FORWARD -m string --string "test" -j LOG --log-prefix "TEST: "
--> host_1# iptables -A FORWARD -m string --string "test" -j DROP
Then I started a netcat server by :
--> host_1# nc -l -p 3456
I connected to this via :
--> host_2# telnet host_1 3456
and type
--> test --> test
I think this should yield some log or footprint. But I can't see any messages related to this.
Furthermore, when I check "iptables -L -v", there was no records about it.
-->host_1# iptables -L -v
................
Chain FORWARD (policy DROP 248 packets, 22560 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere STRING match test LOG level info prefix `TEST: '
0 0 DROP all -- any any anywhere anywhere STRING match test
.....................
What would be wrong?
