From: Fred F. <ffr...@lo...> - 2007-07-28 14:02:55
Filtering out Kazaa and friends while still allowing a permissive inside to outside firewall is something I like. On the other hand I should probably be running a proxy and blocking everything from the inside except what is allowed.

Fred Frigerio
Locust USA

-----Original Message-----
From: dev...@li... [mailto:dev...@li...] On Behalf Of Heiko Zuerker
Sent: Saturday, July 28, 2007 9:55 AM
To: dev...@li...
Subject: Re: [Devil-Linux-discuss] P2p traffic filtering

On Sat, July 28, 2007 05:34, Jan Hugo Prins wrote:
> Mgr. Motycka Jiri wrote:
>
>> Hi.
>>
>> Try to download testing version 1.2.14. Some time before I already
>> announced this problem and Heiko solved it by making a new version
>> where these libraries were present. You can download it from here:
>> ftp://ftp.devil-linux.org/pub/devel/testing/
>>
>> (libipt_ipp2p.so and libipt_layer7.so are in directory
>> /usr/lib/iptables)
>>
>> BTW: Has anybody any experiences with layer7 in DL?
>> I made one simple firewall rule which should block rtsp protocol and
>> this rule blocks nothing and content of the packets sends to the
>> syslog?
>> Does anybody know why?
>>
>> This is the rule:
>> $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto rtsp -j DROP
>>
>> Jiri Motycka
>>
> Yesterday evening I tried some rules on my firewall (DL 1.3.4) but I
> constantly get the following error:
>
> root@Devil:~ # iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j ACCEPT
> iptables: No chain/target/match by that name
>
> The l7 stuff is selected in make menuconfig and iptables seems to have
> the support for it, but I got the idea that there are some kernel
> modules missing or something. I expected some layer7 kernel modules
> but there are none in /lib/modules.

Make sure you load all the needed modules via modprobe.

> This is as far as I have come with this.
>
> By the way, is it possible / easy to make a custom kernel config? What
> are the steps that I should take to make this happen? I suppose that I
> should take a kernel tree and do a make menuconfig and put the
> resulting config file in some special place or something? What patches
> are by default patched into the kernel tree before starting the build?

There's no built-in way to change the config, you'll have to hack
something.
Are the changes something other people would need too? If yes, then we
can change it in CVS.

--
Regards
Heiko Zuerker
http://www.devil-linux.org
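
Added example, not part of the thread or of Devil-Linux: a small shell check that separates the two halves an iptables match needs, the userspace extension in /usr/lib/iptables (the directory named above) and the match registered in the kernel, since the error quoted above appears when iptables can parse "-m layer7" but the kernel does not know the match. The function name check_match and its output words are made up for this example; /proc/net/ip_tables_matches is assumed to be available on the kernel in use, and the demo input is constructed.

```shell
#!/bin/sh
# Diagnose "iptables: No chain/target/match by that name" for one match.
# usage: check_match NAME [LIBDIR] [MATCHES_FILE]
# Prints: ok | kernel-missing | userspace-missing | both-missing | unknown
check_match() {
    name=$1
    libdir=${2:-/usr/lib/iptables}              # directory named in the thread
    matches=${3:-/proc/net/ip_tables_matches}   # matches registered in the kernel

    # Userspace half: the iptables extension that parses "-m NAME" options.
    user=no
    [ -f "$libdir/libipt_$name.so" ] && user=yes

    # Kernel half: the match must be registered by a loaded or built-in module.
    # The proc file may be missing or unreadable without root.
    if [ ! -r "$matches" ]; then
        echo unknown
        return 0
    fi
    kern=no
    grep -qx -- "$name" "$matches" && kern=yes

    case "$user/$kern" in
        yes/yes) echo ok ;;
        yes/no)  echo kernel-missing ;;      # consistent with the error quoted above
        no/yes)  echo userspace-missing ;;
        *)       echo both-missing ;;
    esac
}

# Constructed demo: extension library present, kernel match not registered.
demo() {
    d=$(mktemp -d)
    : > "$d/libipt_layer7.so"
    printf 'state\nipp2p\n' > "$d/matches"
    check_match layer7 "$d" "$d/matches"
    rm -rf "$d"
}
demo
```

On a live firewall, run check_match layer7 with no further arguments after the modprobe step; a result of kernel-missing means the module providing the match is still not loaded or was not built.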