From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andre Lorenz
Date: Wed, 11 Jun 2003 19:25:45 +0000
Subject: Re: [LARTC] kazaaa is making me crazy!
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Wednesday, 11 June 2003 20:43, mikee wrote:
> > another thing.. this rule just filters the initial download request.. that
> > would be okay if you want to filter completely, but if you want to slow
> > down (I mean using tc/htb/fwmarks) you wouldn't be matching the whole
> > download, only the request...
> >
> > iptables -t mangle -A PREROUTING -p tcp -m string --string "Kazaa" -j DROP
> >
> > any comment, any idea?
>
> you can use the iptables connmark extension (from patch-o-matic) to mark all
> packets from a connection, i.e.:
>
> iptables -t mangle -N detect-abusers
> # if string kazaa detected then connection will be marked
> iptables -t mangle -A detect-abusers -m string --string 'KaZaA' -j CONNMARK --set-mark 0x1
>
> # check if connection is marked, if not inspect packet
> iptables -t mangle -A PREROUTING -m connmark --mark 0x0 -j detect-abusers
> # set packet mark with those from connmark
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
>

Hello,

I'm filtering Kazaa with these strings and it works fine with:

$IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j REJECT --reject-with tcp-reset
$IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j REJECT --reject-with tcp-reset
$IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT --reject-with tcp-reset
$IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j REJECT --reject-with tcp-reset

With friendly Regards
Andre

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
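
The difference between per-packet string matching and the connmark approach quoted in this thread, as an added Python model (not part of the original message and not netfilter code). The `Packet` class, the addresses, the ports and the sample traffic are constructed for illustration; the signature strings are the ones from the FORWARD rules above.

```python
from dataclasses import dataclass

# Header strings from the FORWARD rules in the message above.
SIGNATURES = (b"X-Kazaa-Username:", b"X-Kazaa-Network:",
              b"X-Kazaa-IP:", b"X-Kazaa-SupernodeIP:")
ABUSER_MARK = 0x1  # same value as --set-mark 0x1

@dataclass
class Packet:
    src: tuple      # (address, port)
    dst: tuple      # (address, port)
    payload: bytes
    mark: int = 0   # per-packet fwmark, the value tc/HTB filters classify on

def flow_key(p):
    """Direction-independent key, so replies hit the same conntrack entry."""
    return tuple(sorted([p.src, p.dst]))

def has_signature(p):
    return any(s in p.payload for s in SIGNATURES)

def string_match_only(packets):
    """Stateless -m string: flags only the packets that carry a signature."""
    return [ABUSER_MARK if has_signature(p) else 0 for p in packets]

def connmark_pipeline(packets):
    """Model of the three mangle rules: inspect unmarked connections, set the
    connection mark on a hit, then copy that mark onto every packet."""
    connmarks = {}  # stands in for the kernel's conntrack table
    for p in packets:
        key = flow_key(p)
        # -m connmark --mark 0x0 -j detect-abusers, then -m string ... --set-mark
        if connmarks.get(key, 0) == 0 and has_signature(p):
            connmarks[key] = ABUSER_MARK
        # -j CONNMARK --restore-mark
        p.mark = connmarks.get(key, 0)
    return [p.mark for p in packets]

# Constructed sample traffic: one flow with a Kazaa request, one plain HTTP flow.
PEER, CLIENT = ("192.0.2.9", 1214), ("10.0.0.5", 40000)
SAMPLE = [
    Packet(CLIENT, PEER, b""),                                  # handshake
    Packet(CLIENT, PEER, b"GET /file HTTP/1.1\r\nX-Kazaa-Username: u\r\n\r\n"),
    Packet(PEER, CLIENT, b"\x00" * 1400),                       # download data
    Packet(PEER, CLIENT, b"\x00" * 1400),
    Packet(("10.0.0.7", 40001), ("198.51.100.2", 80), b"GET / HTTP/1.1\r\n\r\n"),
]
if __name__ == "__main__":
    print(string_match_only(SAMPLE), connmark_pipeline(SAMPLE))
```

In the model, the stateless match flags only the request packet, while the connmark pipeline marks the request and every later packet of that connection in both directions, which is what a tc/HTB filter on fwmark needs in order to shape the whole download.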