#18678: OpenWRT iptables string matching doesn't work for TCP
--------------------------+------------------------
Reporter: awesomezq@… | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: packages | Version: Trunk
Resolution: | Keywords: iptables
--------------------------+------------------------
Comment (by anonymous):
I'm experiencing similar problems on trunk r45594 and iptables 1.4.21-1
(with iptables-mod-filter and kmod-ipt-filter installed).
UDP works fine (e.g. iptables -I OUTPUT -p udp -m udp -m string --string
"blabla" --algo bm -j REJECT),
however, TCP breaks the firewall (iptables -I OUTPUT -p tcp -m tcp -m
string --string "blabla" --algo bm -j REJECT). In LuCI, the firewall
status page gets loaded up to this particular entry, then everything
stops. Issuing the same command with -D fixes the problem.
Worse, setting 'iptables -A OUTPUT -p tcp -m tcp -m string --string
"blabla" --algo bm -j REJECT' in firewall.custom and restarting the router
breaks it. I had to start the router into failsafe mode. After issuing
'mount_root', I noticed that the router has been reset to default
configuration.
--
Ticket URL: <https://dev.openwrt.org/ticket/18678#comment:3>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology