iptables drop packet by hex string match
Solution 1:
The hex string needs to be surrounded by | symbols. The spaces are optional.
iptables --append INPUT --match string --algo kmp --hex-string '|f4 6d 04 25 b2 02 00 0a|' --jump ACCEPT
Note that string matching should be a last resort. It's intensive, and unreliable because it works on packets not connections. It also only starts working on the third packet in a TCP connection which limits what actions you can use (you can't NAT the connection for example).
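An added illustration (not part of the original answer) of the two points above: how a `|..|` hex string maps to bytes, and why a per-packet match misses a pattern that straddles two TCP segments. The function names and sample payloads are constructed for this example, and the parser is a simplified model of the syntax (hex between `|`, literal ASCII outside, no backslash escapes).

```python
import re


def parse_hex_string(spec: str) -> bytes:
    """Convert a --hex-string style argument into the bytes it stands for.

    Simplified model: sections between | are hex byte pairs (spaces optional),
    text outside the | symbols is literal ASCII.
    """
    parts = spec.split("|")
    if len(parts) % 2 == 0:  # an odd number of | symbols
        raise ValueError("unbalanced | in hex string")
    out = bytearray()
    for i, part in enumerate(parts):
        if i % 2 == 0:  # outside the pipes: literal characters
            out += part.encode("ascii")
            continue
        digits = part.replace(" ", "")
        if len(digits) % 2 or not re.fullmatch(r"[0-9a-fA-F]*", digits):
            raise ValueError(f"bad hex section: {part!r}")
        out += bytes.fromhex(digits)
    return bytes(out)


def packets_matched(pattern: bytes, payloads: list[bytes]) -> list[int]:
    """Indexes of packets whose own payload contains the pattern.

    This is the per-packet view a string match rule has.
    """
    return [i for i, payload in enumerate(payloads) if pattern in payload]


def stream_contains(pattern: bytes, payloads: list[bytes]) -> bool:
    """Whether the reassembled byte stream contains the pattern."""
    return pattern in b"".join(payloads)


PATTERN = parse_hex_string("|f4 6d 04 25 b2 02 00 0a|")

# Constructed payloads: the same bytes sent in one segment, then in two.
WHOLE = [b"\x00\x01" + PATTERN + b"\xff"]
SPLIT = [b"\x00\x01" + PATTERN[:3], PATTERN[3:] + b"\xff"]

if __name__ == "__main__":
    print("pattern bytes:", PATTERN.hex(" "))
    print("one segment, packets matched:", packets_matched(PATTERN, WHOLE))
    print("two segments, packets matched:", packets_matched(PATTERN, SPLIT))
    print("two segments, stream contains:", stream_contains(PATTERN, SPLIT))
```
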