On Jun 2 2007 20:49, Jan Engelhardt wrote:
>Hello all,
>
>
>regarding your questions in
>http://lists.netfilter.org/pipermail/netfilter/2007-April/068496.html
>and the thread
>http://lists.netfilter.org/pipermail/netfilter-devel/2007-April/027675.html
>
>I think it's actually quite easy. How about:
>
>	iptables -m u32 --u32 "8&0x0F00=0"

minor glitch, it should read:

for TCP (prot 6):
	iptables -m u32 --u32 "8 & 0x00FF0000 = 0x00060000"
for UDP (prot 17):
	iptables -m u32 --u32 "8 & 0x00FF0000 = 0x00110000"
for HBH (prot 0):
	iptables -m u32 --u32 "8 & 0x00FF0000 = 0x00000000"

(Leading zeroes can be omitted of course.)
And, for example completeness, have some shift, TCP:
	iptables -m u32 --u32 "8 & 0xFF0000 >> 16 = 6"

Happy matching.

	Jan
--
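
Added example, not part of the original message: a small Python evaluator for the u32 expressions above, run against constructed IPv4 headers, to check which header bytes each mask selects before a rule is loaded. It assumes u32 offset 0 is the first byte of the IPv4 header and covers only `&`, `<<`, `>>` and a single value or `lo:hi` range; `build_ipv4_header` and `u32_match` are hypothetical names.

```python
import re
import struct


def build_ipv4_header(proto, ttl=64):
    """Constructed 20-byte IPv4 header (sample data; checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, ttl, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def u32_match(expr, packet):
    """Evaluate one u32 test 'offset [op num]... = value' against packet bytes.

    Operators are applied left to right, as in the u32 match. The '@' operator
    and comma / '&&' lists are not implemented in this sketch.
    """
    lhs, rhs = expr.split("=")
    tokens = re.findall(r"0[xX][0-9a-fA-F]+|\d+|<<|>>|&", lhs)
    offset = int(tokens[0], 0)
    if offset + 4 > len(packet):
        return False  # a 4-byte read past the end of the packet never matches
    value = struct.unpack_from("!I", packet, offset)[0]  # big-endian 32-bit word
    for op, num in zip(tokens[1::2], tokens[2::2]):
        n = int(num, 0)
        if op == "&":
            value &= n
        elif op == ">>":
            value >>= n
        else:  # "<<", truncated to 32 bits
            value = (value << n) & 0xFFFFFFFF
    lo, _, hi = rhs.strip().partition(":")
    lo = int(lo, 0)
    hi = int(hi, 0) if hi else lo
    return lo <= value <= hi


if __name__ == "__main__":
    # Bytes 8..11 of the IPv4 header are TTL, protocol, header checksum (2 bytes).
    for name, proto in (("TCP", 6), ("UDP", 17)):
        pkt = build_ipv4_header(proto)
        for expr in ('8&0x0F00=0',                   # mask falls in the checksum
                     '8 & 0x00FF0000 = 0x00060000',  # mask covers the protocol byte
                     '8 & 0xFF0000 >> 16 = 6'):
            print(f"{name:3} {expr:32} -> {u32_match(expr, pkt)}")
```

With the checksum zeroed in the sample headers, `8&0x0F00=0` matches both TCP and UDP, because the mask `0x0F00` lands in the header checksum field rather than the protocol byte.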