Re: iptables v1.3.4: STRING match: You must specify `--algo'

Jasbir Khehra wrote:
> 
> 
> On 11/8/05, Pablo Neira <pablo@xxxxxxxxxxx> wrote:
> 
>     Jasbir Khehra wrote:
>     > Hi,
>     >    while  running this command
>     > # iptables -t nat -I PREROUTING -p tcp -s 192.168.2.20 -m string
>     > --hex-string '0d0a0d0a594d5347' -j REJECT
>     >
>     > Not able to get the different options for '--algo' parameter .
>     > Kernel 2.6.14 iptables v1.3.4  thanks - Jasbir
> 
>     --algo [bm|kmp]
> 
>     bm: Boyer-Moore
>     kmp: Knuth-Pratt-Morris
> 
>     Those are the algorithms implemented at the moment.
> 
>     BTW, you should do that in the raw table, not nat. Nobody should use the
>     nat table for filtering purposes.
> 
>     --
>     Pablo
> 
> 
>  
> 
> Thanks Pablo for the reply and the "string" module :) . I redefined my
> rule now and after some googling found the right syntax for using the
> "--hex-string"
> # iptables -t raw -A PREROUTING -s $source_ip -m string --algo bm
> --hex-string "|0d 0a 59 4d 53 47|" -j DROP
> What's the initial position/counter for the "--from" parameter, 0 or 1,
> and does it start from the IP header?

Yes, the IP header. Use --from 0 for the initial position.

-- 
Pablo
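
An added example, not part of the thread and not netfilter code: a small Python model of the two points discussed above, namely how the `|..|` form of `--hex-string` turns into bytes, and where that pattern sits when offsets are counted from byte 0 of the IP header. The packet, ports, payload and helper names are constructed for illustration, and the parser is a simplified model of the syntax.

```python
import struct

def parse_hex_string(spec: str) -> bytes:
    """Simplified model of --hex-string syntax: bytes between '|' are hex,
    everything else is literal text (escape handling omitted)."""
    out, in_hex = bytearray(), False
    for part in spec.split("|"):
        out += bytes.fromhex(part) if in_hex else part.encode("latin-1")
        in_hex = not in_hex
    return bytes(out)

def build_ipv4_tcp(payload: bytes, tcp_options: bytes = b"") -> bytes:
    """Constructed IPv4+TCP packet (checksums left at 0, ports arbitrary)."""
    assert len(tcp_options) % 4 == 0
    doff = (20 + len(tcp_options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 1024, 2048, 0, 0, doff << 4, 0x18,
                      8192, 0, 0) + tcp_options
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 168, 2, 20]), bytes([192, 0, 2, 1]))
    return ip + tcp + payload

def payload_offset(packet: bytes) -> int:
    """Offset of the TCP payload, counted from the first byte of the IP header."""
    ihl = (packet[0] & 0x0F) * 4
    return ihl + (packet[ihl + 12] >> 4) * 4

def string_match(packet: bytes, pattern: bytes, from_off: int = 0) -> int:
    """Offset of the first match at or after from_off (IP header = 0), else -1."""
    return packet.find(pattern, from_off)

PATTERN = parse_hex_string("|0d 0a 59 4d 53 47|")       # b"\r\nYMSG"
PAYLOAD = b"hello" + PATTERN + b" rest"                  # constructed sample
TS_OPTION = bytes([1, 1, 8, 10]) + bytes(8)              # NOP, NOP, timestamps

if __name__ == "__main__":
    for name, pkt in (("no options", build_ipv4_tcp(PAYLOAD)),
                      ("tcp timestamps", build_ipv4_tcp(PAYLOAD, TS_OPTION))):
        print(name, "payload at", payload_offset(pkt),
              "match at", string_match(pkt, PATTERN))
    # Without the pipes the same digits are 16 literal ASCII characters.
    print(parse_hex_string("0d0a0d0a594d5347"))
```

Because the count starts at the IP header, a fixed `--from` value tuned to one packet layout stops matching once TCP options lengthen the header; `--from 0` avoids that at the cost of also scanning the headers.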

