I am also finding this feature. (I am trying to match on the ip fragmentation offset field.) I am wondering why iptables don't come up with a more 'generic' module to match any pattern in IP header using some kind of mask? Any idea? Regards, philip Peteris Krumins wrote: > Hello, > > Is there a way to match single bit (two bits, byte etc.) in a packet using iptables? > (without queuing to userspace) > > For example i'd like to match bit 41 in IP packet - reserved flag. > or if bits 42 and 43 both are not set.. > > > P.Krumins
