I would like to use the U32 match with IPTables. I am having a huge amount of trouble getting it to work though. I have tried POM-ng, the xt_u32 patch on the dev list, SVN versions of IP Tables, IP Tables 1.3.8, 1.3.5, all to no avail. I am compiling the U32 module as a module in the kernel, and every time I have gotten iptables: Invalid Argument when I try to use iptables -A INPUT -m u32 --u32 '2&0xFFFF=0x2:0x0100' -j DROP or anything related to u32. dmesg shows: ip_tables: u32 match: invalid size 1984 != 2028. I have tried changing the defines in /usr/src/linux/include/linux/netfilter/xt_u32.h so that the structure has the same size, but I'm a bit worried this will break other things (and it didn't fix it anyway). Has anyone had any luck with this module, and if so, what versions are you using and where did you get the U32 module? I'm currently using gentoo patched kernel 2.6.21-r4 and iptables 1.3.8. Thanks!
