Laurence J. Lane <ljlane@xxxxxxxxxx> wrote: > diff --git a/extensions/libxt_string.man b/extensions/libxt_string.man > index b6b271d..ab395b2 100644 > --- a/extensions/libxt_string.man > +++ b/extensions/libxt_string.man > @@ -16,3 +16,9 @@ Matches the given pattern. > .TP > [\fB!\fP] \fB\-\-hex\-string\fP \fIpattern\fP > Matches the given pattern in hex notation. > +.TP > +Example: log HTTP GET requests for /test using string and hex string patterns > +.IP > +iptables \-A INPUT \-p tcp \-\-dport 80 \-m string \-\-algo bm \-\-string 'GET /test' \-j LOG > +.IP > +iptables \-A INPUT \-p tcp \-\-dport 80 \-m string \-\-algo bm \-\-hex\-string '|474554202F74657374|' \-j LOG The second example doesn't make much sense to me, IMHO, since there is no reason to use hex instead of ascii for this. What about something like -p udp --dport 53 -m string --algo bm --from 40 --to 57 --hex-string '|03|www|09|netfilter|03|org|00|' ? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html