bugzilla-daemon at bugzilla.netfilter.org
2011-Aug-14 04:33 UTC
[Bug 737] New: string matching can not be negated
http://bugzilla.netfilter.org/show_bug.cgi?id=737
Summary: string matching can not be negated
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: Debian GNU/Linux
Status: NEW
Severity: trivial
Priority: P3
Component: unknown
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: danja at k0a1a.net
Estimated Hours: 0.0
hi there,
a simple rule:
iptables -t mangle -A PREROUTING -i eth2 -p tcp --dport 80 -m string --to 70 ! --string 'GET /' --algo bm -j LOG
produces no results, whereas the same but not negated rule does:
iptables -t mangle -A PREROUTING -i eth2 -p tcp --dport 80 -m string --to 70 ! --string 'GET /' --algo bm -j LOG
iptables: Version: 1.4.8-3
linux: 2.6.38-bpo.2-686 #1 SMP Tue Jun 14 11:43:18 UTC 2011 i686 GNU/Linux
greetings!
d
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-Aug-14 10:41 UTC
[Bug 737] string matching can not be negated
http://bugzilla.netfilter.org/show_bug.cgi?id=737
--- Comment #1 from danja <danja at k0a1a.net> 2011-08-14 12:41:45 ---
ups, the second rule shall read as:
iptables -t mangle -A PREROUTING -i eth2 -p tcp --dport 80 -m string --to 70 --string 'GET /' --algo bm -j LOG
cheerz,
d
bugzilla-daemon at bugzilla.netfilter.org
2011-Aug-14 12:20 UTC
[Bug 737] string matching can not be negated
http://bugzilla.netfilter.org/show_bug.cgi?id=737
danja <danja at k0a1a.net> changed:
What      |Removed |Added
----------------------------------------------------------------------------
Status    |NEW     |RESOLVED
Resolution|        |INVALID