I have this packets: 8365 3f47 e5aab87c3563bb7885a2 f76f 3f47 c58b189164198aabb126 fc6a 3f47 c572c0cc0bcf542e32f3 a988 3f47 2c3873bae9432f448c97 9688 3f47 85dac8c05a130798cbbc like you see the package just repeat 3F47 in the same position, that why i use --hex-string becouse this packet come from any ip. Iam ussing this rule atm: iptables -A INPUT -p tcp --dport 38500:38600 -m string --hex-string "|3f 47|" --from 42 --to 44 --algo bm -j DROP but im not sure about if gonna work. I need some info about, how check the offset from where start --FROM and --TO or another way to do this. I ust get 42/44 makeing test, but i dont have a good idea about how works the --from --to system. thanks in advance. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
