From: Steve Wright <paua@quicksilver.net.nz>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Layer 7 application blocking via tc/iptables?
Date: Fri, 29 Aug 2003 20:28:38 +0000 [thread overview]
Message-ID: <marc-lartc-106218922411790@msgid-missing> (raw)
In-Reply-To: <marc-lartc-106201614032501@msgid-missing>
On Sat, 2003-08-30 at 08:07, Derek wrote:
> Thanks, Steve,
>
> After I got the byte patterns and such, how might I go about
> blocking that? I can't very well set the rate to 0k or anything like
> that, so Ive been scratching my head on how to actually _block_
> something with iproute2. Hmm, If I pull together enough info, maybe I'll
> throw together a HOWTO or something.
I don't know enough to spoonfeed you on this.
Google will help. keywords ;
u32 examples iptables block match pattern
Try http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH06.web.html
(see 6.4.4 u32 filter)
Consider using u32 to add a fwmark, and then an iptables entry to block
all with that fwmark. You can place the fwmark on one machine, and then
iptables block it on another if necessary.
HTH,
Steve
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-08-29 20:28 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-27 20:25 [LARTC] Layer 7 application blocking via tc/iptables? Derek
2003-08-28 17:54 ` Stef Coene
2003-08-29 7:37 ` Julien Gateaud
2003-08-29 8:38 ` S Mohan
2003-08-29 8:47 ` Stef Coene
2003-08-29 9:09 ` Julien Gateaud
2003-08-29 15:34 ` Derek
2003-08-29 19:49 ` Steve Wright
2003-08-29 20:07 ` Derek
2003-08-29 20:28 ` Steve Wright [this message]
2003-08-29 20:43 ` Jasper Spaans
2003-08-29 20:58 ` Nicolas Orlando Nappe
2003-08-29 23:24 ` Martin A. Brown
2003-08-29 23:55 ` Steve Wright
2003-08-30 0:19 ` Martin A. Brown
2003-08-30 21:05 ` Oskar Andreasson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-106218922411790@msgid-missing \
--to=paua@quicksilver.net.nz \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.