Hello All,

I am trying to figure out a setup for an HTTP proxy to send only selected connections to userland and forward the other connections.

                    proxy ------ user
                      ^
                      | GET /test1
                      |
    client ---------- kernel ---------------- all other requests --------------> server

Anything that matches GET /test1 should be sent to userland to be served by the proxy, and the rest should be forwarded on to the origin server.

Here is my iptables rule.

    iptables -t mangle -A PREROUTING -p tcp --dport 80 -m string --string "GET /test1" --algo bm -j QUEUE

Obviously this is not working, since the SYN/SYN-ACK has already been processed, so the connection is already set up to the origin server. With the above rule only the GET packet is QUEUEd, which doesn't help.

What's a good way to set this up? Any ideas?

Thanks
--
Pranav
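Added example, not part of the original post: a small Python model of the per-packet matching the message describes, showing that the handshake is forwarded to the origin before the GET segment can match, and that a request split across two segments never matches at all. The packet tuples, the host name and the function names are constructed for illustration.

```python
# Model of a per-packet payload match like "-m string --string 'GET /test1'"
# applied in PREROUTING to tcp --dport 80. All packets are constructed samples.
PATTERN = b"GET /test1"

# (direction, TCP flags, payload) for one client connection
FLOW = [
    ("c->s", "SYN", b""),
    ("s->c", "SYN-ACK", b""),
    ("c->s", "ACK", b""),
    ("c->s", "PSH-ACK", b"GET /test1 HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]
# Same request, but the sender split it across two TCP segments
SPLIT_FLOW = FLOW[:3] + [
    ("c->s", "PSH-ACK", b"GET /te"),
    ("c->s", "PSH-ACK", b"st1 HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

def verdicts(flow, pattern=PATTERN):
    """Return (flags, verdict) for each packet the rule sees.

    Only client->server packets have destination port 80; each one is
    matched on its own payload, with no stream reassembly.
    """
    out = []
    for direction, flags, payload in flow:
        if direction != "c->s":
            continue  # server replies have sport 80, not dport 80
        out.append((flags, "QUEUE" if pattern in payload else "FORWARD"))
    return out

def handshake_forwarded_before_match(flow):
    """True if the SYN went to the origin before any packet was queued."""
    v = verdicts(flow)
    first_queue = next(
        (i for i, (_, verdict) in enumerate(v) if verdict == "QUEUE"), len(v)
    )
    return any(f == "SYN" and verdict == "FORWARD" for f, verdict in v[:first_queue])

def queued_count(flow):
    """Number of packets handed to userland."""
    return sum(1 for _, verdict in verdicts(flow) if verdict == "QUEUE")

if __name__ == "__main__":
    for name, flow in (("single segment", FLOW), ("split request", SPLIT_FLOW)):
        print(name)
        for flags, verdict in verdicts(flow):
            print(f"  {flags:8s} -> {verdict}")
        print("  handshake already forwarded:", handshake_forwarded_before_match(flow))
```
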