On Sun, 18 Jul 2004, gypsy wrote:

> Problem:
> No matter what text is in $STRING, iptables fails to see the match.
>
> iptables -I INPUT -m string --string $STRING -j LOG

That rule will _only_ apply for packets going to the firewall itself.

>
> "iptables -nvL | grep STRING" has zeros in the counters.
>
> Example:
> Replace $STRING with "oreilly". From a remote computer run "lynx
> http://myurl/oreilly" and variants until at least 30 pages have been
> displayed to be certain that at least one packet is not so fragmented
> that "oreilly" isn't there (see also Facts above). On the "myurl"
> computer iptables counters are zero.

Try using that match in the FORWARD chain.

>
> QUESTION:
> How can I find out why the string match fails to find the intended
> text? (Later on I may ask how to fix that...)
>
> gypsy
>
>
> --__--__--

--
Samuel Jean
SysAdmin & NetAdmin at cookinglinux.org