On Fri, Nov 16, 2012 at 04:09:56PM +0300, Vladimir Budnev wrote: > 2012/11/16 Stephan Balmer <[email protected]>: > >> OS: debian testing, kernel 3.2.0-3-686-pae > >> > >> iptables -t filter -A OUTPUT --protocol tcp --dport 80 --match string > >> --algo bm --from 0 --to 1500 --string "/index.php" --jump LOG > >> --log-prefix "matched :" > > > > Works for me on Debian stock kernel 3.2.0-3-amd64. > > > > Tnx for test. > You mean you get correct counters with 2 matches for both packets?
I only tested the part that didn't work for you: iptables -t filter -A OUTPUT --protocol tcp --dport 80 --match string --algo bm --from 0 --to 1500 --string /index.php --jump LOG echo -n "GET /index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc 89.16.167.134 80 > Can you list your iptables version ? > iptables v1.4.14 It shoudn't make a difference. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
