From mboxrd@z Thu Jan 1 00:00:00 1970
From: FB
Date: Mon, 24 Jan 2005 18:45:52 +0000
Subject: Re: [LARTC] Layer 7 packet classifier doesn't recognize packets sent
Message-Id: <41F54260.9010601@flintz.de>
List-Id:
References: <41F2BE8C.9050101@flintz.de>
In-Reply-To: <41F2BE8C.9050101@flintz.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Thanks! Now it works :)

But I have another little problem: I need 2(3) different chains (one for traffic only from the router (done by this chain), one for the complete traffic generated from router AND computers behind the router and one for connections only established from computers behind the router). Any ideas how to accomplish that?

-FB

George Alexandru Dragoi wrote:
> Try this
> iptables -t mangle -N local
>
> iptables -t mangle -A INPUT -i $INET_IFACE -j local
> iptables -t mangle -A OUTPUT -o $INET_IFACE -j local
>
> iptables -t mangle -A local -p tcp -m layer7 --l7proto http -j DROP
>
> I only think it may work, I say this because local packets are passing
> INPUT and OUTPUT, while routed packets will always pass POSTROUTING
> (and l7-filter needs to make a match both ways: incoming and outgoing
> packets)

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/