On Sunday 2023-06-11 13:34, Jeremy Sowden wrote: > iptables \-p udp \-\-dport 53 \-m string \-\-algo bm \-\-from 40 \-\-to 57 \-\-hex\-string '|03|www|09|netfilter|03|org|00|' >+.P >+NB since Boyer-Moore (BM) performs searches for matches from right to left and >+the kernel may store a packet in multiple discontiguous blocks, it's possible >+that a match could be spread over multiple blocks, in which case this algorithm >+won't find it. It was better when it just said "Note" instead of NB (notebook, nota bene)
