MaxKellermann · and0x000 · Aug 11, 2022 · Aug 11, 2022 · Aug 11, 2022
diff --git a/NEWS b/NEWS
@@ -10,6 +10,7 @@
 v2.8 - not yet released
   - updated netfilter modules:
     * length2
+    * string (add icase parameter)
 
 
 v2.7 - 5 May 2022

diff --git a/doc/ferm.pod b/doc/ferm.pod
@@ -1147,7 +1147,7 @@ iptables(8) man page.
 Matches a string.
 
     mod string string "foo bar" ACCEPT;
-    mod string algo kmp from 64 to 128 hex-string "deadbeef" ACCEPT;
+    mod string icase algo kmp from 64 to 128 hex-string "deadbeef" ACCEPT;
 
 =item B<tcp>
 

diff --git a/src/ferm b/src/ferm
@@ -307,7 +307,7 @@ add_match_def 'set', qw(!match-set=sc set:=match-set return-nomatch*0 !update-co
 add_match_def 'socket', qw(transparent*0 nowildcard*0 restore-skmark*0);
 add_match_def 'state', qw(!state=c);
 add_match_def 'statistic', qw(mode=s probability=s every=s packet=s);
-add_match_def 'string', qw(algo=s from=s to=s string hex-string);
+add_match_def 'string', qw(algo=s from=s to=s icase*0 string hex-string);
 add_match_def 'tcpmss', qw(!mss);
 add_match_def 'time', qw(timestart=s timestop=s days=c datestart=s datestop=s),
   qw(!monthday=c !weekdays=c kerneltz*0 contiguous*0);

diff --git a/test/modules/string.ferm b/test/modules/string.ferm
@@ -1,4 +1,4 @@
 table filter chain INPUT {
     mod string string "foo bar" ACCEPT;
-    mod string algo kmp from 64 to 128 hex-string "deadbeef" ACCEPT;
+    mod string algo kmp from 64 to 128 icase hex-string "deadbeef" ACCEPT;
 }
diff --git a/test/modules/string.result b/test/modules/string.result
@@ -1,2 +1,2 @@
 iptables -t filter -A INPUT -m string --string 'foo bar' -j ACCEPT
-iptables -t filter -A INPUT -m string --algo kmp --from 64 --to 128 --hex-string deadbeef -j ACCEPT
+iptables -t filter -A INPUT -m string --algo kmp --from 64 --to 128 --icase --hex-string deadbeef -j ACCEPT