From mboxrd@z Thu Jan 1 00:00:00 1970
From: Julien Gateaud
Date: Fri, 29 Aug 2003 07:37:11 +0000
Subject: Re: [LARTC] Layer 7 application blocking via tc/iptables?
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Thu, 28 Aug 2003 19:54:41 +0200, Stef Coene wrote:
> On Wednesday 27 August 2003 22:25, Derek wrote:
>> Hi All,
>>
>>
>> I hope this is the correct place to ask about this, but can someone give
>> me an example of blocking a certain application via the layer 7 patch
>> and iproute/iptables?
>>
>> For more of a specific example, I'm trying to block certain instant
>> messaging clients on my network, and I have yet to find a way to do it
>> (using mark or otherwise).
>>
>> Any help would be greatly appreciated!
> Iptables can look at the packet contents. If you know how the clients
> are negotiating with the servers, you can block these packets. Or try to
> find out the ports and ip addresses and block these.
>
> Stef
>

In patch-o-matic there is a module called string which matches if a string
is present in the payload. Maybe you could use that, but I can't say if it's
stable or not.

--
Julien Gateaud
Security Keepers S.A.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
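
Added example, not part of the original message and not netfilter code: a small model of the decision a per-packet payload string match, like the `string` module mentioned above, makes for each packet. The marker `IMv1 LOGIN`, port 9999, the sample payloads and all function names are constructed for illustration.

```python
"""Model of a per-packet payload string match (constructed example).

Mimics the decision a stateless string match makes: each packet is
inspected on its own, and the rule fires if the pattern occurs anywhere
in that packet's payload. No packets are sent or captured.
"""
from dataclasses import dataclass
from typing import List, Optional

SIGNATURE = b"IMv1 LOGIN"   # constructed handshake marker, not a real protocol
IM_PORT = 9999              # constructed server port


@dataclass
class Packet:
    dport: int
    payload: bytes


def string_match(pkt: Packet, pattern: bytes, dport: Optional[int] = None) -> bool:
    """True if the rule would match: optional port scope, then substring search."""
    if dport is not None and pkt.dport != dport:
        return False
    return pattern in pkt.payload


def verdicts(packets: List[Packet], pattern: bytes,
             dport: Optional[int] = None) -> List[str]:
    """Per-packet verdicts, each packet evaluated independently of the others."""
    return ["DROP" if string_match(p, pattern, dport) else "ACCEPT"
            for p in packets]


# Constructed traffic samples.
HANDSHAKE = [Packet(IM_PORT, b"IMv1 LOGIN user=alice\r\n")]
# Unrelated web page that merely mentions the marker text.
WEB_PAGE = [Packet(80, b"HTTP/1.1 200 OK\r\n\r\nDocs: clients send IMv1 LOGIN first")]
# Same handshake where TCP segmentation placed the marker across two packets.
SEGMENTED = [Packet(IM_PORT, b"IMv1 LO"), Packet(IM_PORT, b"GIN user=alice\r\n")]

if __name__ == "__main__":
    print("handshake         ", verdicts(HANDSHAKE, SIGNATURE))
    print("web page, unscoped", verdicts(WEB_PAGE, SIGNATURE))
    print("web page, scoped  ", verdicts(WEB_PAGE, SIGNATURE, dport=IM_PORT))
    print("segmented         ", verdicts(SEGMENTED, SIGNATURE))
```

The unscoped rule also drops unrelated traffic that happens to contain the text, and a marker that straddles two packets is not seen by a per-packet match, so such rules need at least a port scope and are weaker than a stream-aware classifier.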