I want to be able to use netfilter/iptables to track a network flow after an initial packet has been found which contains a specified string. Each packet in the same flow thereafter should then be forwarded to the userspace level where I can then handle the packets using something like ulogd-pcap or fprobe-ulog (for netflow), or both.

An example will hopefully make this clearer. The first step I want to make is to look at the contents of each packet, and check if it contains a certain string. In this example let's say the string is "hello". On an individual packet level I know I could do something like this:

iptables -A INPUT -m string --string 'hello' --algo bm -j ULOG

What I really need to do now is somehow get iptables to forward every packet thereafter that is in the same flow as the initial packet to ULOG as well.

Can anyone tell me how I can do this?

Thanks for all your help.
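One common way to get the per-flow behaviour asked about above is to tag the connection-tracking entry with CONNMARK when the string matches, then log on the connection mark. This script is an added example, not part of the original post; the function name `flow_log_rules`, the mark 0x1, netlink group 1, the prefix `strflow` and the extra OUTPUT logging rule are assumptions, and it requires conntrack to be active.

```shell
#!/bin/sh
# Added example (not from the original post): print, and optionally apply,
# rules that send a whole flow to ULOG once one packet contains a string.

# flow_log_rules STRING [MARK] [NLGROUP]
# Writes the iptables commands to stdout; returns 1 on unusable input.
flow_log_rules() {
    str=$1 mark=${2:-0x1} grp=${3:-1}
    # The output may be piped to sh, so refuse anything that could break out
    # of the quoting: empty strings, single quotes, non-numeric mark/group.
    case $str in ''|*\'*) return 1 ;; esac
    case $mark in ''|*[!0-9a-fA-Fx]*) return 1 ;; esac
    case $grp in ''|*[!0-9]*) return 1 ;; esac

    # 1. A packet carrying the string tags its conntrack entry. CONNMARK is
    #    non-terminating, so the same packet goes on to the next rule.
    printf "iptables -t mangle -A INPUT -m string --string '%s' --algo bm -j CONNMARK --set-mark %s\n" \
        "$str" "$mark"

    # 2. Every packet of a tagged connection goes to ULOG. The mark lives on
    #    the connection, so locally generated replies can be logged as well.
    for chain in INPUT OUTPUT; do
        printf "iptables -t mangle -A %s -m connmark --mark %s -j ULOG --ulog-nlgroup %s --ulog-prefix strflow\n" \
            "$chain" "$mark" "$grp"
    done
}

# Dry run by default; set APPLY=1 (as root) to install the rules.
if [ "${APPLY:-0}" = 1 ]; then
    flow_log_rules "${1:-hello}" | sh -e
else
    flow_log_rules "${1:-hello}"
fi
```

Packets of the flow that arrive before the matching packet are not logged, and a string split across two packets does not match, because the string match inspects one packet at a time. ulogd or fprobe-ulog must listen on the same netlink group that the rules use.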