From: Jody Shumaker
Date: Fri, 23 Sep 2005 04:41:20 +0000
Subject: Re: [LARTC] p2p: ARES
Message-Id: <43338770.9040701@gmail.com>
To: lartc@vger.kernel.org

For dropping purposes you only need to match the first packet and prevent the connection from starting, but for both forwarding and accepting you'll need to mark the whole connection. For most p2p that ipp2p matches, it will only match the first packet of the connection; all further packets would be dropped with a simple rule like this. You really need to do something like this:

MARKP2P=3
# copy the saved connection mark (if any) onto each TCP packet
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
# packets of an already-marked connection skip the payload match
iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j ACCEPT
# p2p marking
iptables -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc -j MARK --set-mark ${MARKP2P}
# store the packet mark on the connection so later packets inherit it
iptables -t mangle -A PREROUTING -p tcp -m mark --mark ${MARKP2P} -j CONNMARK --save-mark
iptables -A FORWARD -m mark --mark ${MARKP2P} -j ACCEPT

I'm using something similar to this for all my shaping, works great for that. I don't see why the same connection marking shouldn't work for accepting.

- Jody

Andreas Klauer wrote:

>On Thursday 22 September 2005 22:32, LinuXKiD wrote:
>
>>iptables -A FORWARD -m ipp2p --ipp2p -j ACCEPT
>>iptables -A FORWARD -m ipp2p --ares -j ACCEPT
>
>Assuming that packets which are not accepted get dropped, IPP2P would have
>to match the very first packet of every P2P connection for this to work
>properly. I'm not sure that's a given. So far I've only used it for
>shaping and dropping purposes, and in both cases it does not matter whether
>the matched packet is the first, second, or third one...
>
>Regards,
>Andreas
>_______________________________________________
>LARTC mailing list
>LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
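
The difference between the two rule sets in this thread, as an added example that is not part of the original messages: a small Python model (not netfilter code) comparing a per-packet payload match with a mark saved on the connection. It assumes unaccepted packets are dropped and that the payload matcher hits exactly one packet per connection; the flow names and packet sequence are constructed.

```python
from dataclasses import dataclass

MARKP2P = 3  # same mark value as in the message above


@dataclass
class Packet:
    flow: str          # stands in for the conntrack tuple (constructed name)
    p2p_payload: bool  # True if a payload matcher such as ipp2p would hit it
    mark: int = 0      # per-packet mark, starts at 0 for every packet


def sample_packets():
    """Constructed traffic: one P2P flow (3 payload-less handshake packets,
    1 packet the matcher recognises, 2 later data packets) and one web flow."""
    pk = [Packet("ares-1", hit) for hit in (False, False, False, True, False, False)]
    pk.insert(3, Packet("web-1", False))
    pk.append(Packet("web-1", False))
    return pk


def naive_forward(packets):
    """FORWARD: -m ipp2p ... -j ACCEPT, anything else is dropped."""
    return ["ACCEPT" if p.p2p_payload else "DROP" for p in packets]


def connmark_forward(packets):
    """mangle/PREROUTING restore, match, save; FORWARD accepts on the mark."""
    connmarks = {}  # connection -> saved mark (models the conntrack mark)
    verdicts = []
    for p in packets:
        p.mark = connmarks.get(p.flow, 0)   # CONNMARK --restore-mark
        if p.mark != MARKP2P:               # already-marked packets skip ahead
            if p.p2p_payload:               # ipp2p match -> MARK --set-mark
                p.mark = MARKP2P
            if p.mark == MARKP2P:           # CONNMARK --save-mark
                connmarks[p.flow] = p.mark
        verdicts.append("ACCEPT" if p.mark == MARKP2P else "DROP")
    return verdicts


if __name__ == "__main__":
    for p, n, c in zip(sample_packets(), naive_forward(sample_packets()),
                       connmark_forward(sample_packets())):
        print(f"{p.flow:7} payload_hit={p.p2p_payload!s:5} naive={n:6} connmark={c}")
```

In this model, packets that arrive before the first payload match stay unmarked under both rule sets; only packets from the match onward inherit the connection mark.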