Hello all,

regarding your questions in
http://lists.netfilter.org/pipermail/netfilter/2007-April/068496.html
and the thread
http://lists.netfilter.org/pipermail/netfilter-devel/2007-April/027675.html

I think it's actually quite easy. How about:

    iptables -m u32 --u32 "8&0x0F00=0"

This takes bytes 8+4 of a packet (bytes 8,9,10,11), ANDs it with 0x0F00, so as to get only byte 9 (which is the IPv4 field for the Layer4 protocol) and see if it is 0. (Yes, we would have to use a shift before comparing, but since comparing for protocol zero, it does not matter.)

Ok, everyone got that? :)

Jan
--
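
Added example, not part of the message above and not netfilter code: a small Python emulation of the u32 step `start&mask>>shift=value` over a constructed IPv4 header, reporting which packet byte a given mask keeps from the 4-byte big-endian word, so a rule can be checked before it is loaded. The helper names and the sample header are assumptions made for this illustration; a read past the end of the packet is treated here as "no match".

```python
import struct

def u32_extract(pkt: bytes, offset: int, mask: int = 0xFFFFFFFF, shift: int = 0) -> int:
    """Read 4 bytes at `offset` as one big-endian word, AND with mask, shift right."""
    if offset < 0 or offset + 4 > len(pkt):
        raise ValueError("4-byte read runs past the end of the packet")
    (word,) = struct.unpack_from("!I", pkt, offset)
    return (word & mask) >> shift

def u32_match(pkt: bytes, offset: int, mask: int, value: int, shift: int = 0) -> bool:
    """True when the extracted value equals `value`; out-of-range reads do not match."""
    try:
        return u32_extract(pkt, offset, mask, shift) == value
    except ValueError:
        return False

def bytes_selected(offset: int, mask: int) -> list:
    """Packet byte indexes that `mask` keeps from the word read at `offset`."""
    return [offset + i for i in range(4) if (mask >> (8 * (3 - i))) & 0xFF]

def ipv4_header(proto: int, ttl: int = 64, checksum: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header without options. The checksum is whatever
    the caller passes in (not computed); addresses are documentation-range values."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, checksum,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

if __name__ == "__main__":
    # Byte 8 = TTL, byte 9 = protocol, bytes 10-11 = header checksum.
    for offset, mask in ((8, 0x0F00), (8, 0x00FF0000), (6, 0xFF)):
        print(f"{offset}&0x{mask:X} keeps packet byte(s) {bytes_selected(offset, mask)}")
    samples = {
        "proto 0, checksum 0x1234": ipv4_header(0, checksum=0x1234),
        "proto 6, checksum 0x0000": ipv4_header(6, checksum=0x0000),
    }
    for label, pkt in samples.items():
        for offset, mask in ((8, 0x0F00), (8, 0x00FF0000)):
            hit = u32_match(pkt, offset, mask, 0)
            print(f"{label}: {offset}&0x{mask:X}=0 -> {hit}")
```
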