On Tuesday 20 July 2004 1:52 pm, Samuel Jean wrote:
> On Sun, 18 Jul 2004, gypsy wrote:
> > Problem:
> > No matter what text is in $STRING, iptables fails to see the match.
> >
> > iptables -I INPUT -m string --string $STRING -j LOG
>
> That rule will _only_ apply for packets going to the firewall itself.

Correct.

> > "iptables -nvL | grep STRING" has zeros in the counters.
> >
> > Example:
> > Replace $STRING with "oreilly". From a remote computer run "lynx
> > http://myurl/oreilly" and variants until at least 30 pages have been
> > displayed to be certain that at least one packet is not so fragmented
> > that "oreilly" isn't there (see also Facts above). On the "myurl"
> > computer iptables counters are zero.
>
> Try using that match in the FORWARD chain.

No, I think INPUT is the right one to use here - because the web server is
running on "myurl", and that is the machine with the netfilter rules (as
stated in the explanation given above).

Regards,

Antony.

--
Abandon hope, all ye who enter here. You'll feel much better about things once you do.

Please reply to the list; please don't CC me.
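Added example, not part of the thread above: a small shell helper that reads `iptables -nvL` output and reports, per chain, the packet counter of every string-match rule, so you can see at a glance which chain the rule sits in and whether any packet has ever hit it. The sample output is constructed here and only approximates the real listing format; on a live box you would pipe `iptables -nvL` into the function instead.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvL` output (not captured from a real host).
# The FORWARD counter is non-zero only to contrast with the INPUT rule that
# never matched, which is the symptom discussed in the thread.
SAMPLE='Chain INPUT (policy ACCEPT 1234 packets, 567K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match "oreilly" LOG flags 0 level 4
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  8192 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match "oreilly" LOG flags 0 level 4'

# Reads iptables -nvL output on stdin and prints one line per string-match
# rule in the form: <chain> <packets> <pattern>
string_rule_hits() {
    awk '
        /^Chain / { chain = $2; next }
        /STRING match/ {
            # the pattern is the first double-quoted token on the line
            if (match($0, /"[^"]*"/)) {
                pat = substr($0, RSTART + 1, RLENGTH - 2)
                printf "%s %s %s\n", chain, $1, pat
            }
        }'
}

# Reads iptables -nvL output on stdin; exits 0 if at least one string-match
# rule in the named chain has a non-zero packet counter, 1 otherwise.
chain_has_hits() {
    string_rule_hits | awk -v c="$1" '
        $1 == c && $2 > 0 { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Usage on the constructed sample (replace with: iptables -nvL | string_rule_hits)
printf '%s\n' "$SAMPLE" | string_rule_hits
```

Zero packets on the INPUT rule while the web server answers requests is the situation from the thread; a non-zero counter in FORWARD only tells you the box is also routing other people's traffic, not that the rule is in the right chain for a server hosted on the firewall itself.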