From: "Покотиленко Костик" <casper@meteor.dp.ua>
To: "Michael Fernández M" <michael@michael.cl>
Cc: netfilter@vger.kernel.org
Subject: Re: Filter by Packet's size
Date: Mon, 18 Feb 2008 16:32:25 +0200
Message-ID: <1203345145.18561.13.camel@localhost>
In-Reply-To: <1203343140.2366.22.camel@amokk.microserv.cl>

On Mon, 18/02/2008 at 10:59 -0300, Michael Fernández M wrote:
> On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote:
> > On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> > > Hi, 
> > > 
> > > Is there a way to filter a packet by the size of it? I mean, I would
> > > like to filter all the packets that have a size of 2 MB.
> > > 
> > > Is that possible?
> > > 
> > > Thanks to any answer.
> > 
> > iptables -m length --length 0:1024
> > 
> 
> > But let me admit that normal packet length is up to 1500 bytes, in some
> > cases up to 65535 bytes. Maybe you didn't correctly face the question?
> > 
> 
> Yeah, I know... but the thing is:
> 
> I have a mail server (Postfix), and if I restrict the size of messages
> up to 2 MB.. then a user sends an email (3 MB) and Postfix receives the
> message and then says: "You cannot send this message because of the
> size"... and sends a notification to the user... so I want to stop the
> packets before they arrive at Postfix... and take this load off the
> mail server...

1. You are mixing up 2 things: the size of an email (~tcp stream size) and
packet size. When you send an email of 3Mb size, the process that is
happening is: a tcp connection is established (by sending some tcp
packets) and your message (protocol smtp) is sent split into packets
(commonly) 1500 bytes long.

2. iptables deals with the ip/tcp level and knows nothing about high-level
protocols such as smtp. The exception is iptables' level7 filter, which is
not really a good idea.

Finally, the right place to solve this situation is really in your
smtp-server (postfix).

-- 
Покотиленко Костик <casper@meteor.dp.ua>
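
Added example, not part of the original message and not iptables or Postfix code: the distinction made in points 1 and 2, in Python. It shows that a 3 MB mail reaches the firewall as ordinary 1500-byte packets, while the SMTP layer can see the declared message size via the SIZE= parameter of MAIL FROM (SMTP SIZE extension, RFC 1870). The function names, the 40-byte header overhead and the sample MAIL FROM lines are assumptions constructed for illustration.

```python
# Added illustration; names and sample values are assumptions, not from the thread.
import re

MTU = 1500                # common packet size mentioned in the message
IP_TCP_HEADERS = 40       # assumed: 20-byte IPv4 + 20-byte TCP header, no options
LIMIT = 2 * 1024 * 1024   # the 2 MB message limit discussed in the thread


def packet_lengths(stream_bytes, mtu=MTU):
    """IP packet lengths seen on the wire when a TCP stream is segmented."""
    mss = mtu - IP_TCP_HEADERS
    full, rest = divmod(stream_bytes, mss)
    lengths = [mtu] * full
    if rest:
        lengths.append(rest + IP_TCP_HEADERS)
    return lengths


def length_match(pkt_len, lo, hi):
    """What `-m length --length lo:hi` tests: the length of one packet only."""
    return lo <= pkt_len <= hi


def mail_from_reply(line, limit=LIMIT):
    """SMTP-level decision based on the SIZE= parameter declared by the client."""
    params = line.partition(">")[2]          # ESMTP parameters follow the address
    m = re.search(r"\bSIZE=(\d+)\b", params, re.IGNORECASE)
    if m and int(m.group(1)) > limit:
        return "552 message size exceeds fixed maximum message size"
    return "250 OK"


if __name__ == "__main__":
    small = packet_lengths(100 * 1024)       # constructed: 100 KB mail
    big = packet_lengths(3 * 1024 * 1024)    # constructed: 3 MB mail
    # Both mails are made of the same kind of packets; only the count differs.
    print(len(small), max(small), len(big), max(big))
    # No single packet is larger than the MTU, so no length range singles out "big" mail.
    print(any(length_match(p, MTU + 1, 65535) for p in big))
    # The SMTP layer sees the declared message size before any DATA is sent.
    print(mail_from_reply("MAIL FROM:<user@example.com> SIZE=3145728"))
    print(mail_from_reply("MAIL FROM:<user@example.com> SIZE=102400"))
```

A client may omit or understate SIZE=, so the mail server still has to enforce its limit while receiving the message body.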

