Menu
▾
▴
Re: [Devil-Linux-discuss] P2p traffic filtering
|
From: Fred F. <ffr...@lo...> - 2007-07-28 12:15:42
|
Did you download the newer version? Did you check un /usr/lib/iptables for the shared library file? I haven't had a chance to do that yet. The easiest way to check to see if things are there is to do iptables -m layer7 --help which should give you help if the module is there and a descriptive error of what is not working if it isn't. The kernel module is ipt_layer7 which is under kernel/net/netfilter (from memory so I may be missing something). > Hi. > > Try to download testing version 1.2.14. Some time before I already=20 > announce this problem and Heiko solved it by making a new version=20 > where these libraries was presented. You can downloaded it from here: > ftp://ftp.devil-linux.org/pub/devel/testing/ > > (libipt_ipp2p.so and libipt_layer7.so are in directory=20 > /usr/lib/iptables) > > BTW: Has anybody any experiences with layer7 in DL? > I made one simple firewall rule which should block rtsp protocol and=20 > this rule blocks nothing and content of the packets sends to the syslog ? > Does anybody know why ? > > This is the rule: > $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto rtsp -j DROP > > Jiri Motycka > > > =20 Yesterday evening I tried some rules on my firewall (DL 1.3.4) but I constantly get the following error: root@Devil:~ # iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j ACCEPT iptables: No chain/target/match by that name The l7 stuff is selected in make menuconfig and iptables seems to have the support for it, but I got the idea that there are some kernel modules missing or something. I expected some layer7 kernel modules but there is none in /lib/modules. This is as far as I have come with this. By the way, is it possible / easy to make a custom kernel config? What are the steps that I should take to make this happen? I suppose that I should take a kernel tree and do a make menuconfig and put the resulting config file in some special place or something? What patches are by default patched into the kernel tree before starting the build? Greetings, Jan Hugo Prins ------------------------------------------------------------------------ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Devil-linux-discuss mailing list Dev...@li... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
