TCP packet filter based on TCP sequence

http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html

Moving on to the TCP header

Let's say I'd like to look at bytes 4-7 of the TCP header (the TCP sequence number)...

The final expression (check for TCP, check for unfragmented packet or first fragment, and jump over the IP header, checking that bytes 4-7 of the TCP header are equal to 41) is:

iptables -m u32 --u32 "6&0xFF=0x6 && 4&0x1FFF=0 && 0>>22&0x3C@4=0x29"