Re: [Devil-Linux-discuss] P2p traffic filtering

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Mgr. Motycka Jiri wrote:
> Hi.
>
> Try to download testing version 1.2.14. Some time before I already 
> announce this problem and Heiko solved it by making a new version where 
> these libraries was presented. You can downloaded it from here:
> ftp://ftp.devil-linux.org/pub/devel/testing/
>
> (libipt_ipp2p.so and libipt_layer7.so are in directory /usr/lib/iptables)
>
> BTW: Has anybody any experiences with layer7 in DL?
> I made one simple firewall rule which should block rtsp protocol and 
> this rule blocks nothing and content of the packets sends to the syslog ?
> Does anybody know why ?
>
> This is the rule:
> $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto rtsp -j DROP
>
> Jiri Motycka
>
>
>   
Yesterday evening I tried some rules on my firewall (DL 1.3.4) but I 
constantly get the following error:

root@Devil:~ # iptables -t mangle -A POSTROUTING -m layer7 --l7proto 
http -j ACCEPT
iptables: No chain/target/match by that name

The l7 stuff is selected in make menuconfig and iptables seems to have 
the support for it, but I got the idea that there are some kernel 
modules missing or something.
I expected some layer7 kernel modules but there is none in /lib/modules.

This is as far as I have come with this.

By the way, is it possible / easy to make a custom kernel config? What 
are the steps that I should take to make this happen?
I suppose that I should take a kernel tree and do a make menuconfig and 
put the resulting config file in some special place or something?
What patches are by default patched into the kernel tree before starting 
the build?

Greetings,
Jan Hugo Prins