Hi,

On Friday, 2008 October 17 at 20:00:04 +0530, chima s wrote:
> Hi,
>
> I want to deny browsing the yahoo and if somebody tries to access any
> yahoo url, it will redirect to another page from my local web server.
>
> I added the below rule
>
> iptables -t nat -I PREROUTING -p tcp -m string --string "yahoo" --algo bm -j DNAT --to-destination xxx.xxx.xxx.xxx

NAT table is only reached for the SYN packet. Thus you can match of the GET which comes later. You should use a proxy to do so.

BR,
--
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/
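
The behaviour described in the reply, as an added example that is not part of the original messages: a small Python model of one HTTP connection showing that a rule consulted only for the connection-opening packet never sees the string, while a proxy that reads the Host header can answer with a redirect. The packet list, the function names, the `yahoo.com` suffix check and the `intranet.example` URL are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    flags: str
    payload: bytes = b""

# Constructed sample: client-to-server packets of one HTTP connection, in order.
CLIENT_PACKETS = [
    Packet("SYN"),                      # creates the conntrack entry, no payload
    Packet("ACK"),                      # completes the handshake
    Packet("PSH,ACK", b"GET / HTTP/1.1\r\nHost: www.yahoo.com\r\n\r\n"),
]

def string_match(pkt, needle=b"yahoo"):
    """Stand-in for '-m string --string yahoo': substring search in the payload."""
    return needle in pkt.payload

def nat_rule_hits(packets):
    """nat chains are consulted only for the packet that opens the connection;
    later packets reuse the mapping stored in conntrack."""
    return [i for i, p in enumerate(packets[:1]) if string_match(p)]

def per_packet_rule_hits(packets):
    """A chain every packet traverses does see the GET, but by then the
    connection's destination has already been fixed."""
    return [i for i, p in enumerate(packets) if string_match(p)]

def proxy_decision(request, domain=b"yahoo.com",
                   redirect="http://intranet.example/blocked.html"):
    """Proxy-side check (hypothetical helper): read the Host header and
    return a 302 to the local page, or None to let the request through."""
    head = request.split(b"\r\n\r\n", 1)[0]
    host = b""
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().lower().split(b":")[0]   # drop any :port
    if host == domain or host.endswith(b"." + domain):
        return "HTTP/1.1 302 Found\r\nLocation: %s\r\n\r\n" % redirect
    return None

if __name__ == "__main__":
    print("nat rule matched packets:", nat_rule_hits(CLIENT_PACKETS))
    print("per-packet rule matched packets:", per_packet_rule_hits(CLIENT_PACKETS))
    print(proxy_decision(CLIENT_PACKETS[2].payload))
```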