where/how to insert these rules
where/how to insert these rules in an existing iptables script?:
http://ubuntuforums.org/showthread.php?t=1876124
-A INPUT -m string --algo bm --string "*google.com" -j DROP
-A INPUT -m string --algo bm --string "*google.inc." -j DROP
-A INPUT -m string --algo bm --string "*facebook.com" -j DROP
-A INPUT -m string --algo bm --string "*akamai.net" -j DROP
main/work string: iptables -A INPUT -m string --algo bm --string "*blocked.com" -j DROP
Re: where/how to insert these rules
If you don't provide a larger context (i.e. your existing rule set), your question is difficult to answer.
Also, be aware that use of the iptables string module can be somewhat CPU intensive. (Although I haven't used it for maybe about a decade (back then, one had to re-compile the kernel to use it)).
It looks as though you are trying to use a wild card in your string match rules. I don't know for sure, but I don't think it works that way.
Re: where/how to insert these rules
Quote: Originally Posted by Doug S
If you don't provide a larger context (i.e. your existing rule set), your question is difficult to answer.
Also, be aware that use of the iptables string module can be somewhat CPU intensive. (Although I haven't used it for maybe about a decade (back then, one had to re-compile the kernel to use it)).
It looks as though you are trying to use a wild card in your string match rules. I don't know for sure, but I don't think it works that way.
Hi,
I have made another iptables script; I found the insert rules too difficult for now. It does work for now. I'll keep an eye on the logs, and the more "empty" they are, the better. :)
Re: where/how to insert these rules
Glad you got it sorted out. If you would be kind enough to report back, I would be very interested to know how the string rules are working for you in your application. I realize it might be several days before you know for sure.
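On the wildcard question raised in the first reply, an added example that is not part of any post in the thread: a Python model of the literal byte search the string match performs, run over constructed HTTP and DNS payloads. The function names are assumptions made for illustration; `--hex-string` is the string module's own option for patterns containing non-printable bytes.

```python
# Added example: models the literal substring search done by "-m string".
# All payloads below are constructed samples, not captured traffic.

def literal_match(pattern: bytes, payload: bytes) -> bool:
    """Plain byte search: '*' is only the byte 0x2a, never a wildcard."""
    return pattern in payload

def dns_qname(name: str) -> bytes:
    """Encode a host name as it appears inside a DNS packet: every label
    is prefixed by its length and no '.' bytes are present."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # root label terminates the name

def hex_string_pattern(domain: str) -> str:
    """Build a --hex-string argument (|hex| plus literal text) that matches
    the domain and its subdomains in DNS wire format."""
    labels = domain.strip(".").split(".")
    return "".join(f"|{len(l):02x}|{l}" for l in labels) + "|00|"

# Constructed HTTP request and DNS query for www.google.com
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
DNS_HEADER = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
DNS_QUERY = DNS_HEADER + dns_qname("www.google.com") + b"\x00\x01\x00\x01"

def demo() -> dict:
    return {
        # Pattern as posted: the literal '*' never appears in the payload.
        "star_in_http": literal_match(b"*google.com", HTTP_REQUEST),
        # Without the '*', the Host header matches.
        "plain_in_http": literal_match(b"google.com", HTTP_REQUEST),
        # DNS carries no dotted name, so the dotted pattern misses it.
        "plain_in_dns": literal_match(b"google.com", DNS_QUERY),
        # The length-prefixed form is what appears in the DNS packet.
        "wire_in_dns": literal_match(dns_qname("google.com"), DNS_QUERY),
    }

if __name__ == "__main__":
    for check, hit in demo().items():
        print(f"{check}: {hit}")
    print('--hex-string "' + hex_string_pattern("google.com") + '"')
```
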