Thank you for the speedy reply. So I'm guessing the answer to the main question below, about whether that patch ever made it into iptables, is "no". Is this because of the limitations of string matching with regards to packet fragmentation, as per your response, or for some other reason (eg unwanted complexity)? If the former, then why does iptables include the string match (but not replace) extension, which surely suffers from the same limitations? >Does anyone know if the --string-replace functionality ever made it >into iptables? If not, what are my chances of the patch from 2004 >playing nice with the current Git head revision? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html