I want to block traffic that contains a specific string, "anypattern".
I know that the right iptables rule for that is:
iptables -m string --algo bm --string "anypattern" -j DROP
The problem is that the data could be split across many TCP sequences, and there is a risk that the string "anypattern" could be split across 2 packets. For example, packet 1 will contain "anyp" and the second packet will contain "attern".
How can I make iptables detect TCP fragmentation and make the check on the final TCP payload?
Or is there a solution for such an issue?
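
Added example (not part of the original post): the iptables string match searches each packet on its own, so the sketch below contrasts that per-packet view with a matcher that puts segments back in sequence order and carries the last len(pattern) - 1 bytes across segment boundaries. The `StreamMatcher` class, the flow key, the sequence numbers and the sample payloads are constructed for illustration; it assumes the first expected sequence number is known and does not handle retransmitted or overlapping segments.

```python
PATTERN = b"anypattern"  # the string from the question

def per_packet_match(payloads, pattern=PATTERN):
    """Per-packet view: each payload is searched in isolation."""
    return any(pattern in p for p in payloads)

class StreamMatcher:
    """Searches the in-order TCP byte stream of each flow (hypothetical helper).

    Assumptions: the first expected sequence number is known (e.g. ISN + 1 from
    the handshake); retransmitted/overlapping segments are not handled.
    """
    def __init__(self, pattern=PATTERN):
        self.pattern = pattern
        self.keep = len(pattern) - 1   # bytes that may begin a split match
        self.flows = {}

    def start(self, flow, first_seq):
        self.flows[flow] = {"next": first_seq, "pending": {}, "tail": b""}

    def feed(self, flow, seq, payload):
        """Add one segment; return True if the pattern completed in the stream."""
        st = self.flows[flow]
        st["pending"][seq] = payload          # hold until it is contiguous
        hit = False
        while st["next"] in st["pending"]:
            data = st["pending"].pop(st["next"])
            st["next"] = (st["next"] + len(data)) & 0xFFFFFFFF  # 32-bit wrap
            window = st["tail"] + data        # previous tail + new bytes
            hit = hit or self.pattern in window
            st["tail"] = window[-self.keep:] if self.keep else b""
        return hit

# Constructed sample: one request split across two segments, as in the question.
SEGMENTS = [(1000, b"GET /?q=anyp"), (1012, b"attern HTTP/1.1\r\n")]

def scan(segments, first_seq=1000):
    """Feed all segments of one flow; True if the pattern was seen."""
    m = StreamMatcher()
    m.start("flow-1", first_seq)
    return any([m.feed("flow-1", seq, data) for seq, data in segments])

if __name__ == "__main__":
    print("per-packet:", per_packet_match([d for _, d in SEGMENTS]))
    print("stream, in order:", scan(SEGMENTS))
    print("stream, reordered:", scan(SEGMENTS[::-1]))
```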