Hi, I am trying to write a worm filtering utility on the application layer.
I have set up the following rule to drop TCP packets with a specific substring:
iptables -A INPUT -p tcp -m string --string "test" -j DROP --algo kmp
However, once a packet with a matching string is found, all the subsequent packets, even ones with non-matching strings, are dropped until I flush the rule from iptables.
I would like to know why this is happening and what the solution for it is.
Thanks