i'm a little late on a reply but i'm sure lots of people can get some use out of it...
netfilter/iptables does do content filtering based on string though, its still in the experimental stages. the module is called ipt_string and is very powerful and from what i hear is fairly stable. A
WARNING though, i attempted to install it myself and completly f'd up my kernel and, since i forgot to make a backup of the kernel tree (though i'm not sure if even that would have helped) i had to completly reinstall slackware to get my iptables working again.
MAKE SURE YOU BACK UP YOUR KERNEL SOURCE TREE!
Now that being said, you need to update to at least iptables 1.2.3, though 1.2.4 is out now so you may want that instead. You can get em at the
netfilter homepage. You also need at least kernel 2.4.9. Now you should find a good guide on how to use the patch-o-matic but i'll give you my understanding of it.
Untar iptables
make pending-patches KERNEL_DIR=<kernel source dir>
###this will bring you you to a script that looks for patches which
###you don't already have installed and ask if you want to install them
make KERNEL_DIR=<kernel source dir>
make patch-o-matic KERNEL_DIR=<kernel source dir>
###now here is where you can enable STRING MATCH, go through
###the script of experimental patches and i would suggest saying
###no to ALL of them except for the STRING MATCH (ipt_string)
###module
now you need to recompile your kernel and enable Networking Options > Netfilter somethingorother > STRING MATCH
and now finish recompiling your kernel and it SHOULD work.
again, i can't stress this enough, backup your kernel source tree and your kernel
tar -cvpf /usr/src/linux /linuxsourcetree.tgz
here's a link to a guide that seems to be ok for ipt_string,
http://articles.linuxguru.net/view/120
though this is the page i used and f'd up with (but about 20 things went wrong that were my fault so i'm sure the page is good)
I'll be trying again in a couple days, once i get my new box to put up as the new firewall, taht way i have a spare one to mess with. So i'll let you know how it goes