From: "S Mohan" <smohan@vsnl.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] Layer 7 application blocking via tc/iptables?
Date: Fri, 29 Aug 2003 08:38:58 +0000
Message-ID: <marc-lartc-106214542426886@msgid-missing>
In-Reply-To: <marc-lartc-106201614032501@msgid-missing>

From the docs I've read, the U32 classifier itself can do this. May be worthwhile investigating.

Mohan

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
Behalf Of Julien Gateaud
Sent: Friday, August 29, 2003 1:07 PM
To: Stef Coene; Derek; lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Layer 7 application blocking via tc/iptables?


On Thu, 28 Aug 2003 19:54:41 +0200, Stef Coene <stef.coene@docum.org> 
wrote:

> On Wednesday 27 August 2003 22:25, Derek wrote:
>> Hi All,
>>
>>
>> I hope this is the correct place to ask about this, but can someone give
>> me an example of blocking a certain application via the layer 7 patch
>> and iproute/iptables?
>>
>> For more of a specific example, I'm trying to block certain instant
>> messaging clients on my network, and I have yet to find a way to do it
>> (using mark or otherwise).
>>
>> Any help would be greatly appreciated!
> Iptables can look at the packet contents.  If you know how the clients 
> are negotiating with the servers, you can block these packets.  Or try to 
> find out the ports and ip addresses and block these.
>
> Stef
>
In patch-o-matic there is a module called string which matches if a string is 
present in the payload.
Maybe you could use that, but I can't say if it's stable or not.

-- 
Julien Gateaud
Security Keepers S.A.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
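
Added example, not part of any message in this thread: a shell sketch of the two approaches suggested above, matching a payload string and blocking by server address and port. It prints the rules instead of applying them and assumes the in-tree iptables string match (which requires --algo); the function names, signature, port and address are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables rules; applies nothing.
# The signature, port and address used below are constructed placeholders.

# valid_port PORT: succeed only for a decimal port in 1..65535.
valid_port() {
    case $1 in ''|??????*|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_string_rule PORT SIGNATURE
# Drop forwarded TCP packets to PORT whose payload contains SIGNATURE.
# The string match is evaluated per packet, so a signature split across
# two packets is not matched; restricting the rule to the client's port
# keeps unrelated traffic that happens to contain the string unaffected.
emit_string_rule() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    # Whitelist the signature so the printed rule is safe to paste into a shell.
    case $2 in
        ''|*[!A-Za-z0-9._-]*) echo "bad signature" >&2; return 1 ;;
    esac
    printf 'iptables -A FORWARD -p tcp --dport %s -m string --algo bm --string "%s" -j DROP\n' "$1" "$2"
}

# emit_server_rule ADDR PORT
# Drop forwarded TCP packets to a known server address and port
# (the "find out the ports and ip addresses" approach).
emit_server_rule() {
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    case $1 in
        ''|*[!0-9.]*) echo "bad address" >&2; return 1 ;;
    esac
    printf 'iptables -A FORWARD -p tcp -d %s --dport %s -j DROP\n' "$1" "$2"
}

# Constructed sample values: 192.0.2.10 is a documentation address.
emit_string_rule 9999 'EXAMPLE-IM-HELLO'
emit_server_rule 192.0.2.10 9999
```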
