I'm trying to block a kind of DNS Amp attack by string iptables module inside openvz container.
i've asked vps hoster to enable the modulea and kindly all supported modules are loaded.
The module seemed to be loaded and "string" was appeared in /proc/net/ip_table_matches. but I could not add rules.
A simplest rule returns,
$ sudo iptables -t filter -A INPUT -m string --algo bm --string "test"
iptables: Invalid argument. Run `dmesg' for more information.
Is there something I have to do in container?
The vps is centos6.3 32bit minimal template, uname is
Linux *** 2.6.32-042stab068.8 #1 SMP Fri Dec 7 17:06:14 MSK 2012 i686 i686 i386 GNU/Linux
Thanks.