Hi,

have you tried the rules in the INPUT chain? You connect to a local process on host_1, so the FORWARD chain will not be used.

Greetings
Gerd

On Fri, 07.11.2003 at 08:37, Jin Gu, Kim wrote:
> Dear all.
>
> How can I check if iptables string match support is enabled?
>
> I applied patch-o-matic in order to use string match support and
> recompiled the kernel to support it.
> (iptables v1.2.8)
>
> When done, I tried this
>
> --> host_1# iptables -m string -h
>
> , which produced the related help text:
>
> STRING match v1.2.9rc1 options:
> --string [!] string Match a string in a packet
> --hex-string [!] string Match a hex string in a packet
> host_1#
>
> Does it mean that the support can be used?
>
> If yes, when I tried this code, there was no message. What's wrong?
>
> <Run>
>
> --> host_1# iptables -A FORWARD -m string --string "test" -j LOG
> --log-prefix "TEST: "
> --> host_1# iptables -A FORWARD -m string --string "test" -j DROP
>
> Then I started a netcat server by:
>
> --> host_1# nc -l -p 3456
>
> I connected to this via:
>
> --> host_2# telnet host_1 3456
>
> and typed
>
> --> test
> --> test
>
> I think this should yield some log or footprint. But I can't see any
> messages related to this.
>
> Furthermore, when I checked "iptables -L -v", there were no records about it.
>
> -->host_1# iptables -L -v
> ................
> Chain FORWARD (policy DROP 248 packets, 22560 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 LOG all -- any any anywhere
> anywhere STRING match test LOG level info prefix `TEST: '
> 0 0 DROP all -- any any anywhere
> anywhere STRING match test
> .....................
>
> What would be wrong?
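
Gerd's point, as an added example that is not part of the original thread: a simplified Python model of how a packet received from the network is handed to either INPUT or FORWARD, and why the FORWARD counters stay at 0 for the telnet session to host_1. The addresses, the INPUT policy and all function names are assumptions made for illustration; real netfilter traversal has more hooks and tables than this.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation range), not from the thread.
HOST_1, HOST_2 = "192.0.2.1", "192.0.2.2"
# FORWARD policy DROP is shown in the thread; INPUT ACCEPT is an assumption.
POLICY = {"INPUT": "ACCEPT", "FORWARD": "DROP"}

@dataclass
class Rule:
    chain: str     # "INPUT" or "FORWARD"
    needle: bytes  # stands in for: -m string --string <needle>
    target: str    # "LOG" continues to the next rule, "DROP" ends traversal
    pkts: int = 0  # the pkts counter that `iptables -L -v` prints

def select_chain(dst, local_addrs):
    """Routing decision for a packet received from the network."""
    return "INPUT" if dst in local_addrs else "FORWARD"

def traverse(dst, payload, rules, local_addrs=(HOST_1,)):
    """Walk the selected chain; return (chain, verdict) and bump counters."""
    chain = select_chain(dst, local_addrs)
    for rule in rules:
        if rule.chain != chain or rule.needle not in payload:
            continue
        rule.pkts += 1
        if rule.target == "DROP":
            return chain, "DROP"
    return chain, POLICY[chain]

def ruleset(chain):
    """The LOG + DROP pair from the thread, attached to the given chain."""
    return [Rule(chain, b"test", "LOG"), Rule(chain, b"test", "DROP")]

if __name__ == "__main__":
    for chain in ("FORWARD", "INPUT"):
        rules = ruleset(chain)
        # host_2 telnets to the nc listener on host_1 and types "test"
        print(chain, "rules ->", traverse(HOST_1, b"test\r\n", rules),
              [r.pkts for r in rules])
```

With the rules on FORWARD the packet is accepted and both counters remain 0, matching the `iptables -L -v` output quoted above; with the same pair on INPUT both counters increment and the packet is dropped.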