From mboxrd@z Thu Jan 1 00:00:00 1970
From: "S Mohan"
Date: Fri, 29 Aug 2003 08:38:58 +0000
Subject: RE: [LARTC] Layer 7 application blocking via tc/iptables?
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

From the docs I've read, the U32 classifier itself can do this. May be
worthwhile investigating.

Mohan

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On Behalf Of Julien Gateaud
Sent: Friday, August 29, 2003 1:07 PM
To: Stef Coene; Derek; lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Layer 7 application blocking via tc/iptables?

On Thu, 28 Aug 2003 19:54:41 +0200, Stef Coene wrote:

> On Wednesday 27 August 2003 22:25, Derek wrote:
>> Hi All,
>>
>> I hope this is the correct place to ask about this, but can someone give
>> me an example of blocking a certain application via the layer 7 patch
>> and iproute/iptables?
>>
>> For more of a specific example, I'm trying to block certain instant
>> messaging clients on my network, and I have yet to find a way to do it
>> (using mark or otherwise).
>>
>> Any help would be greatly appreciated!
> Iptables can look at the packet contents. If you know how the clients
> are negotiating with the servers, you can block these packets. Or try to
> find out the ports and IP addresses and block these.
>
> Stef
>

In patch-o-matic there is a module called string which matches if a string
is present in the payload. Maybe you could use that, but I can't say if
it's stable or not.

--
Julien Gateaud
Security Keepers S.A.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/