On Monday 2011-01-31 02:53, JeHo Park wrote:
>
>the string match works well in filter table, but it does not work in NAT.

Oh it _does_ work in nat. But given that the nat table is an abstract
configuration database rather than a filter, not all packets do a lookup.

>I used the following iptables rules
># iptables -A PREROUTING -t nat -p tcp --dport 80 -m string --string
>"goole.com" --algo bm -j DNAT --to-destination 10.10.10.125:80
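
An added example, not part of the original message: a simplified Python model of the point made in the reply, that nat rules are looked up only for the packet that opens a connection, so a payload string match there never sees the HTTP request. The packet class, the flow addresses and the helper names are constructed for illustration; only client-to-server packets are modelled.

```python
# Simplified model (constructed for illustration) of nat table lookups:
# rules are evaluated only for the packet that creates a conntrack entry;
# later packets of the same flow reuse the mapping stored at that time.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    flow: tuple          # (src, sport, dst, dport)
    flags: str
    payload: bytes = b""


def string_rule(pattern, new_dst):
    """Model of '-m string --string <pattern> -j DNAT --to-destination <new_dst>'."""
    def rule(pkt):
        return new_dst if pattern in pkt.payload else None
    return rule


def run_nat(packets, rule):
    """Return (flags, nat_lookup_done, destination_used) for each packet."""
    conntrack = {}       # flow -> destination decided on the first packet
    out = []
    for pkt in packets:
        looked_up = pkt.flow not in conntrack
        if looked_up:
            # Only the first packet of a connection traverses the nat rules.
            original = f"{pkt.flow[2]}:{pkt.flow[3]}"
            conntrack[pkt.flow] = rule(pkt) or original
        out.append((pkt.flags, looked_up, conntrack[pkt.flow]))
    return out


# Constructed sample: client side of a TCP handshake, then the HTTP request.
FLOW = ("192.0.2.10", 40000, "198.51.100.5", 80)
SAMPLE = [
    Packet(FLOW, "SYN"),                       # no payload yet
    Packet(FLOW, "ACK"),
    Packet(FLOW, "PSH,ACK", b"GET / HTTP/1.1\r\nHost: goole.com\r\n\r\n"),
]
RULE = string_rule(b"goole.com", "10.10.10.125:80")

if __name__ == "__main__":
    for row in run_nat(SAMPLE, RULE):
        print(row)
```

The rule would match the third packet's payload, but by then the flow's destination was already fixed when the empty SYN was looked up.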