From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric Leblond <eric@regit.org>
Date: Wed, 12 Mar 2003 15:03:48 +0000
Subject: Re: [LARTC] matching ftp - how?
MIME-Version: 1
Content-Type: multipart/mixed; boundary="=-fBUtabkf8qAEdrmB/Cyn"
Message-Id: <marc-lartc-104748143020091@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-104747890714929@msgid-missing>
In-Reply-To: <marc-lartc-104747890714929@msgid-missing>
To: lartc@vger.kernel.org


--=-fBUtabkf8qAEdrmB/Cyn
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2003-03-12 at 15:18, Abraham van der Merwe wrote:
> iptables -A FORWARD -s $net -m conntrack --proto ftp
> iptables -A FORWARD -s $net -m conntrack --proto irc
> iptables -A FORWARD -s $net -m conntrack --proto h323

To do so you can use the conmarck module (from iptable pom) : the mark
of the packet is given following the conntrack. It's a bit tricky to use
(you have to restore mark) but it do the job.

--=20
Eric Leblond <eric@regit.org>
Regit.org

--=-fBUtabkf8qAEdrmB/Cyn
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+b0xTnxA7CdMWjzIRAsbxAJ4p4ArEZ/UuDIEgDdnAcfHt/cPUzwCdGiHR
bq7gPlqFm1oAEWlxpaKlOY4=
=qvQK
-----END PGP SIGNATURE-----

--=-fBUtabkf8qAEdrmB/Cyn--
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/