Re: iptables v1.3.4: STRING match: You must specify `--algo'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jasbir Khehra wrote:
> Hi,
>    while  running this command
> # iptables -t nat -I PREROUTING -p tcp -s 192.168.2.20 -m string
> --hex-string '0d0a0d0a594d5347' -j REJECT
> 
> Not able to get the different options for '--algo' parameter . 
> Kernel 2.6.14 iptables v1.3.4  thanks - Jasbir 

--algo [bm|kmp]

bm: Boyer-Moore
kmp: Knuth-Pratt-Morris

Those are the algorithm implemented at the moment.

BTW, you should do that in the raw table, not nat. Nobody should use the
nat table for filtering purposes.

-- 
Pablo
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux