> Hi,
>
> Any ideas why this would be failing? It's the example straight out of
> the documentation:
>
> host# iptables -A INPUT -m string --string 'cmd.exe' -j QUEUE
> iptables: No chain/target/match by that name
>
> This is on a Debian Stable box. Is it possible that "-m string" is
> permitted by the userspace tool but the functionality hasn't been
> included in the kernel?

yup--most distros do not compile the string match (i *think* suse does).
try:

    ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ipt_string.o

and make sure you have the actual module. if not, grab p-o-m and follow
the instructions:

http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html

-j