From: "mikee"
Date: Wed, 11 Jun 2003 18:43:56 +0000
Subject: [LARTC] kazaaa is making me crazy!
To: lartc@vger.kernel.org

> Another thing: this rule just filters the initial download request. That
> would be okay if you want to filter completely, but if you want to slow
> down (I mean using tc/htb/fwmarks) you wouldn't be matching the whole
> download, only the request...
>
> >iptables -t mangle -A PREROUTING -p tcp -m string --string "Kazaa" -j DROP
>
> Any comment, any idea?

You can use the iptables connmark extension (from patch-o-matic) to mark all packets from a connection, i.e.:

iptables -t mangle -N detect-abusers

# if the string kazaa is detected, the connection will be marked
iptables -t mangle -A detect-abusers -m string --string 'KaZaA' -j CONNMARK --set-mark 0x1

# check if the connection is marked; if not, inspect the packet
iptables -t mangle -A PREROUTING -m connmark --mark 0x0 -j detect-abusers

# set the packet mark from the connmark
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

And now you can use:

tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw classid your_kazaa_class

I don't use string match so I'm not sure if that would work - personally I detect "abusers" by destination port (well-known ports http/smtp/pop3 are allowed at full speed).

HTH

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
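
The difference between the quoted per-packet string rule and the connmark rules in the reply, as an added example that is not part of the original message: a small Python model (not netfilter itself) of how marks are assigned to each packet. Addresses, ports and payloads are constructed, and connection tracking is reduced to a dictionary keyed by the two endpoints of a flow.

```python
from dataclasses import dataclass

PATTERN = b"KaZaA"  # the string used in the reply's detect-abusers rule

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""

def conn_key(p):
    # Connection tracking maps both directions of a flow to one entry.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

def per_packet_match(packets):
    """Quoted rule: a string match alone fires only on packets carrying the string."""
    return [PATTERN in p.payload for p in packets]

def connmark_ruleset(packets):
    """Model of the reply's mangle rules; returns each packet's fwmark after PREROUTING."""
    connmark = {}  # per-connection mark, unset means 0
    fwmarks = []
    for p in packets:
        key = conn_key(p)
        # PREROUTING: -m connmark --mark 0x0 -j detect-abusers
        if connmark.get(key, 0) == 0:
            # detect-abusers: -m string --string 'KaZaA' -j CONNMARK --set-mark 0x1
            if PATTERN in p.payload:
                connmark[key] = 1
        # PREROUTING: -j CONNMARK --restore-mark (connection mark -> packet mark)
        fwmarks.append(connmark.get(key, 0))
    return fwmarks

# Constructed sample traffic: one flow that carries the string, one that does not.
CLIENT, PEER, WEB = "192.0.2.10", "198.51.100.7", "203.0.113.80"
SAMPLE = [
    Packet(CLIENT, 40000, PEER, 5000),                                   # 0 handshake
    Packet(PEER, 5000, CLIENT, 40000),                                   # 1 handshake
    Packet(CLIENT, 40000, PEER, 5000, b"X-Constructed-Header: KaZaA\r\n"),  # 2 request
    Packet(PEER, 5000, CLIENT, 40000, b"\x00" * 1400),                   # 3 download data
    Packet(PEER, 5000, CLIENT, 40000, b"\x00" * 1400),                   # 4 download data
    Packet(CLIENT, 40001, WEB, 80, b"GET / HTTP/1.0\r\n\r\n"),           # 5 unrelated flow
]

if __name__ == "__main__":
    rows = zip(per_packet_match(SAMPLE), connmark_ruleset(SAMPLE))
    for i, (hit, mark) in enumerate(rows):
        print(f"packet {i}: string match={hit!s:5} fwmark={mark}")
```

In the model only packet 2 matches the string, but packets 2 to 4 all leave PREROUTING with fwmark 1, which is the value the `tc filter ... handle 1 fw` line selects for the shaping class.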