On Thu, 27 Jul 2006 17:34:32 +0300 Maxim Britov wrote:

> I am trying to use string. iptables 1.3.5 / kernel 2.6.18-rc2-ck1
>
> iptables -A INPUT -p tcp -m string --algo kmp --string 112233 -j LOG
> iptables -A INPUT -p tcp -m string --algo kmp --string ! 112233 -j LOG
> iptables -A INPUT -p tcp -m string --algo kmp --hex-string 112233 -j LOG
>
> Only the first rule worked for me.
>
> The second rule never matches any packets. IMHO it should match any packet without my string. Am I right?
>
> The third rule iptables-save shows as:
> -A INPUT -p tcp -m string --string "112233" --algo kmp --to 65535 -j LOG
> I think it transforms my --hex-string into --string here. Maybe I misunderstood something here?

And "--algo bm --string 112233" doesn't want to match 112233, but matches x112233.
Is it a bug or is it a bm algorithm feature?

PS. Happy SysAdmin Day!!! ;)

--
Maxim Britov
GnuPG KeyID 0x4580A6D66F3DB1FB
xmpp:maxim@xxxxxxxx icq 198171258
Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB
GnuPG-ru Team (http://lists.gnupg.org/mailman/listinfo/gnupg-ru xmpp:gnupg-ru@xxxxxxxxxxxxxxxxxxxx)