> I want to replace string "hello" with "abcd" how i > could do with iptables mangle, patch-o-matic is > working fine > > i am waiting for quick reponse. Quick...? Have you actually searched the net to make it work ? >From the Netfilter/POM-NG documentation : ============ string - iptables string match Author: Emmanuel Roger <winfield@xxxxxxxxxxxx> Status: Working, not with kernel 2.4.9 This patch adds CONFIG_IP_NF_MATCH_STRING which allows you to match a string in a whole packet. THIS PATCH DOES NOT WORK WITH KERNEL 2.4.9 !!! ============ So, this is a MATCH, not a TARGET or something with which you can alter packets. Maybe you should also read this : http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO- 3.html#ss3.18 You might be able to QUEUE it to userspace, do the replacing there and send it back to netfilter. But I don't know how you would re-inject a packet or if that can be done. If it can be done, I suppose you'd have to write a program yourself to do it. Gr, Rob
