how to use regular expression with iptables


up vote
0
down vote
favorite
I am trying to do a routing rule to a bunch a subdomains matched by regular expression.
iptables -t nat -A PREROUTING -m string --string "/must-[a-z0-9-.]+gonow[a-z.]+/g" --algo regex -p tcp -m tcp --dport 12 -j DNAT --to-destination 1.1.1.1:12
getting error - iptables: No chain/target/match by that name.
networking iptables regex
add a comment |Â
up vote
0
down vote
favorite
I am trying to do a routing rule to a bunch a subdomains matched by regular expression.
iptables -t nat -A PREROUTING -m string --string "/must-[a-z0-9-.]+gonow[a-z.]+/g" --algo regex -p tcp -m tcp --dport 12 -j DNAT --to-destination 1.1.1.1:12
getting error - iptables: No chain/target/match by that name.
networking iptables regex
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am trying to do a routing rule to a bunch a subdomains matched by regular expression.
iptables -t nat -A PREROUTING -m string --string "/must-[a-z0-9-.]+gonow[a-z.]+/g" --algo regex -p tcp -m tcp --dport 12 -j DNAT --to-destination 1.1.1.1:12
getting error - iptables: No chain/target/match by that name.
networking iptables regex
I am trying to do a routing rule to a bunch a subdomains matched by regular expression.
iptables -t nat -A PREROUTING -m string --string "/must-[a-z0-9-.]+gonow[a-z.]+/g" --algo regex -p tcp -m tcp --dport 12 -j DNAT --to-destination 1.1.1.1:12
getting error - iptables: No chain/target/match by that name.
networking iptables regex
networking iptables regex
asked Jan 31 at 20:33
Vitalik Jimbei
1151312
1151312
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
The problem is that you are attempting to use a relatively slow pattern matching algorithm in an application that MUST use a fast pattern matching algorithm. Also know that the entire use of the "string" filter can be compute intensive, and for that reason just a few years ago that module was not available by default. You will have to learn either the Boyer-Moore (bm) or Knuth-Pratt-Morris (kmp) fast string matching algorithms and use one of those.
See also the manual pages for iptables-extensions. Excerpt:
--algo bm
Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
The problem is that you are attempting to use a relatively slow pattern matching algorithm in an application that MUST use a fast pattern matching algorithm. Also know that the entire use of the "string" filter can be compute intensive, and for that reason just a few years ago that module was not available by default. You will have to learn either the Boyer-Moore (bm) or Knuth-Pratt-Morris (kmp) fast string matching algorithms and use one of those.
See also the manual pages for iptables-extensions. Excerpt:
--algo bm
Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)
add a comment |Â
up vote
0
down vote
The problem is that you are attempting to use a relatively slow pattern matching algorithm in an application that MUST use a fast pattern matching algorithm. Also know that the entire use of the "string" filter can be compute intensive, and for that reason just a few years ago that module was not available by default. You will have to learn either the Boyer-Moore (bm) or Knuth-Pratt-Morris (kmp) fast string matching algorithms and use one of those.
See also the manual pages for iptables-extensions. Excerpt:
--algo bm
Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)
add a comment |Â
up vote
0
down vote
up vote
0
down vote
The problem is that you are attempting to use a relatively slow pattern matching algorithm in an application that MUST use a fast pattern matching algorithm. Also know that the entire use of the "string" filter can be compute intensive, and for that reason just a few years ago that module was not available by default. You will have to learn either the Boyer-Moore (bm) or Knuth-Pratt-Morris (kmp) fast string matching algorithms and use one of those.
See also the manual pages for iptables-extensions. Excerpt:
--algo bm
Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)
The problem is that you are attempting to use a relatively slow pattern matching algorithm in an application that MUST use a fast pattern matching algorithm. Also know that the entire use of the "string" filter can be compute intensive, and for that reason just a few years ago that module was not available by default. You will have to learn either the Boyer-Moore (bm) or Knuth-Pratt-Morris (kmp) fast string matching algorithms and use one of those.
See also the manual pages for iptables-extensions. Excerpt:
--algo bm
Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)
answered Jan 31 at 21:46


Doug Smythies
6,34631426
6,34631426
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1001847%2fhow-to-use-regular-expression-with-iptables%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password