From: Jody Shumaker <jody.shumaker@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] p2p: ARES
Date: Fri, 23 Sep 2005 04:41:20 +0000
Message-ID: <43338770.9040701@gmail.com>
In-Reply-To: <NHBBLNDNFKDMKNNKGOMMOEEMMHAA.gregoriandres@yahoo.com.ar>
For dropping purposes you only need to match the first packet and
prevent the connection from starting, but for both forwarding and
accepting you'll need to mark the whole connection. For most p2p that
ipp2p matches, it will only match the first packet of the connection;
all further packets would be dropped with a simple rule like this.
You really need to do something like this:

MARKP2P=3
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j ACCEPT
# p2p marking
iptables -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc -j MARK --set-mark ${MARKP2P}
iptables -t mangle -A PREROUTING -p tcp -m mark --mark ${MARKP2P} -j CONNMARK --save-mark
iptables -A FORWARD -m mark --mark ${MARKP2P} -j ACCEPT

I'm using something similar to this for all my shaping, works great for
that. I don't see why the same connection marking shouldn't work for
accepting.
- Jody
Andreas Klauer wrote:
>On Thursday 22 September 2005 22:32, LinuXKiD wrote:
>
>
>>iptables -A FORWARD -m ipp2p --ipp2p -j ACCEPT
>>iptables -A FORWARD -m ipp2p --ares -j ACCEPT
>>
>>
>
>Assuming that packets which are not accepted get dropped, IPP2P would have
>to match the very first packet of every P2P connection for this to work
>properly. I'm not sure that's a given. So far I've only used it for
>shaping and dropping purposes, and in both cases it does not matter whether
>the matched packet is the first, second, or third one...
>
>Regards,
>Andreas
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
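
Added example (not part of the original message or thread): a small Python model of the rules discussed above, showing which packets a default-drop FORWARD chain accepts when the ipp2p match is used per packet versus when the mark is saved to and restored from the connection. The packet list and the ipp2p_hit flag are constructed assumptions standing in for real traffic and for the ipp2p match; retransmission and TCP state are not modelled.

```python
# Model (added example): how the fwmark travels with and without CONNMARK.
# Each packet is (conn_id, ipp2p_hit); ipp2p_hit flags the one packet whose
# payload the ipp2p match would recognise. All values here are constructed.
MARKP2P = 3

def forward_verdicts(packets, use_connmark):
    """Return the FORWARD verdict per packet under a default-drop policy."""
    conn_marks = {}                      # conntrack entry -> saved connmark
    verdicts = []
    for conn_id, ipp2p_hit in packets:
        mark = 0                         # every packet arrives unmarked
        if use_connmark:
            # mangle PREROUTING: -j CONNMARK --restore-mark
            mark = conn_marks.get(conn_id, 0)
        # An already-marked packet leaves the mangle chain via ACCEPT,
        # so the ipp2p rule is only reached by unmarked packets.
        if mark != MARKP2P and ipp2p_hit:
            # -m ipp2p ... -j MARK --set-mark $MARKP2P
            mark = MARKP2P
            if use_connmark:
                # -m mark --mark $MARKP2P -j CONNMARK --save-mark
                conn_marks[conn_id] = mark
        # filter FORWARD: -m mark --mark $MARKP2P -j ACCEPT, else dropped
        verdicts.append("ACCEPT" if mark == MARKP2P else "DROP")
    return verdicts

# Constructed traffic: connection "a" is recognised on its first packet,
# connection "b" only on its third (the case raised in the quoted reply).
SAMPLE = [("a", True), ("a", False), ("a", False),
          ("b", False), ("b", False), ("b", True), ("b", False)]

def summarise(packets, use_connmark):
    """Group verdicts per connection, in arrival order."""
    out = {}
    verdicts = forward_verdicts(packets, use_connmark)
    for (conn_id, _), verdict in zip(packets, verdicts):
        out.setdefault(conn_id, []).append(verdict)
    return out

if __name__ == "__main__":
    for label, flag in (("per-packet match only", False),
                        ("with CONNMARK", True)):
        print(label, summarise(SAMPLE, flag))
```

In this model, packets that arrive before the first ipp2p hit are dropped in both variants; CONNMARK only carries the mark forward from the matched packet onward.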