bugzilla-daemon@bugzilla.netfilter.org
2006-Mar-24 08:31 UTC
[Bug 465] New: string --to is not working
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=465

           Summary: string --to is not working
           Product: iptables
           Version: 1.3.5
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: iptables
        AssignedTo: laforge@netfilter.org
        ReportedBy: imitev@obs.bg

i'm playing a bit with the string match and i'm trying to match the "SSH" characters at the beginning of the tcp payload

this works:

    iptables -A OUTPUT -p tcp -m string --algo kmp --string "SSH" -j REJECT --reject-with tcp-reset

but the rule below still matches SSH anywhere in the payload, while "SSH" is obviously not in the first 2 bytes of the ip header (dumb test)

    iptables -A OUTPUT -p tcp -m string --algo kmp --string "SSH" --to 2 -j REJECT --reject-with tcp-reset

system used: centos4.2, iptables version 1.3.5 and kernel 2.6.16 (tested with 2.6.15 too)

btw, there is a small error in extensions/libipt_string.man:

    "--to offset
     Set the offset from which it starts looking for any matching. If not passed, default is the packet size."

it should be something like "set the offset at which it stops looking..."

maybe the doc should also specify that these offsets are in bytes, and give a little info on the algos

--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.