* Filter by Packet's size
From: Michael Fernández M @ 2008-02-18 12:25 UTC
To: netfilter

Hi,

Is there a way to filter a packet by the size of it? I mean, I would
like to filter all the packets that have a size of 2 MB.

Is that possible?

Thanks for any answer.

Michael.-

* Re: Filter by Packet's size
From: Покотиленко Костик @ 2008-02-18 13:36 UTC
To: Michael Fernández M; +Cc: netfilter

On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> Hi,
>
> Is there a way to filter a packet by the size of it? I mean, I would
> like to filter all the packets that have a size of 2 MB.
>
> Is that possible?
>
> Thanks for any answer.

iptables -m length --length 0:1024

But let me admit that normal packet length is up to 1500 bytes, in some
cases up to 65535 bytes. Maybe you didn't correctly face the question?

--
Покотиленко Костик <casper@meteor.dp.ua>

* Re: Filter by Packet's size
From: Michael Fernández M @ 2008-02-18 13:59 UTC
To: casper; +Cc: netfilter

On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote:
> On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> > Hi,
> >
> > Is there a way to filter a packet by the size of it? I mean, I would
> > like to filter all the packets that have a size of 2 MB.
> >
> > Is that possible?
> >
> > Thanks for any answer.
>
> iptables -m length --length 0:1024
>
> But let me admit that normal packet length is up to 1500 bytes, in some
> cases up to 65535 bytes. Maybe you didn't correctly face the question?
>

Yeah, I know... but the thing is:

I have a mail server (Postfix), and if I restrict the size of messages
up to 2 MB.. then a user sends an email (3 MB) and Postfix receives the
message and then says: "You cannot send this message because of the
size"... and sends a notification to the user... so I want to stop the
packets before they arrive at Postfix... and take this load off the
mail server...

Is it better explained now?

Regards,...

Michael.-

* Re: Filter by Packet's size
From: Покотиленко Костик @ 2008-02-18 14:32 UTC
To: Michael Fernández M; +Cc: netfilter

On Mon, 18/02/2008 at 10:59 -0300, Michael Fernández M wrote:
> On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote:
> > On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> > > Hi,
> > >
> > > Is there a way to filter a packet by the size of it? I mean, I would
> > > like to filter all the packets that have a size of 2 MB.
> > >
> > > Is that possible?
> > >
> > > Thanks for any answer.
> >
> > iptables -m length --length 0:1024
> >
> > But let me admit that normal packet length is up to 1500 bytes, in some
> > cases up to 65535 bytes. Maybe you didn't correctly face the question?
> >
>
> Yeah, I know... but the thing is:
>
> I have a mail server (Postfix), and if I restrict the size of messages
> up to 2 MB.. then a user sends an email (3 MB) and Postfix receives the
> message and then says: "You cannot send this message because of the
> size"... and sends a notification to the user... so I want to stop the
> packets before they arrive at Postfix... and take this load off the
> mail server...

1. You are mixing up 2 things: size of email (~tcp stream size) and
packet size. When you send an email of 3Mb size the process that is
happening is: tcp connection is being established (by sending some tcp
packets) and your message (protocol smtp) is being sent split by packets
(commonly) 1500 bytes long.
2. iptables deals on ip/tcp level and knows nothing about high protocols
such as smtp. The exception is iptables' level7 filter, which is not
really a good idea.

Finally, the right place to solve this situation is really in your
smtp-server (postfix).

--
Покотиленко Костик <casper@meteor.dp.ua>
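
[Added example, not part of the original thread or written by its participants.] The sketch below models the point made in the reply above: a per-packet length test sees the same packet sizes for a 1 MiB and a 3 MiB message, while an SMTP server can refuse an oversized message at MAIL FROM when the client declares SIZE (RFC 1870), before any message data is sent. The 40-byte header size, the helper names and the reply strings are assumptions made for illustration; in Postfix the limit itself is set with message_size_limit.

```python
"""Added example: packet length vs. SMTP message size (constructed values)."""
import re

MTU = 1500               # typical Ethernet packet size, as noted in the thread
IP_TCP_HEADERS = 40      # assumption: 20-byte IPv4 + 20-byte TCP header, no options
LIMIT = 2 * 1024 * 1024  # the 2 MB policy from the thread


def packet_lengths(stream_bytes, mtu=MTU):
    """IP total lengths of the data packets that carry one TCP stream."""
    mss = mtu - IP_TCP_HEADERS
    full, rest = divmod(stream_bytes, mss)
    return [mtu] * full + ([rest + IP_TCP_HEADERS] if rest else [])


def length_match(pkt_len, lo, hi):
    """What `-m length --length lo:hi` tests: one packet's length, nothing more."""
    return lo <= pkt_len <= hi


def matched_packets(stream_bytes, lo, hi):
    """Number of packets of the stream that a length rule would match."""
    return sum(length_match(n, lo, hi) for n in packet_lengths(stream_bytes))


# Hypothetical parser for the SIZE parameter of a MAIL FROM command.
MAIL_SIZE = re.compile(r"^MAIL FROM:<[^>]*>.*?\bSIZE=(\d+)\b", re.IGNORECASE)


def mail_from_reply(line, limit=LIMIT):
    """Server-side decision at MAIL FROM, based on the declared SIZE."""
    m = MAIL_SIZE.match(line)
    if m and int(m.group(1)) > limit:
        return "552 5.3.4 Message size exceeds fixed limit"
    return "250 2.1.0 Ok"


if __name__ == "__main__":
    for size in (1 * 1024 * 1024, 3 * 1024 * 1024):
        lens = packet_lengths(size)
        print(size, "bytes ->", len(lens), "packets, largest", max(lens),
              "bytes, matched by 0:1024:", matched_packets(size, 0, 1024))
    # Constructed SMTP commands; example.org is a placeholder domain.
    print(mail_from_reply("MAIL FROM:<user@example.org> SIZE=3145728"))
    print(mail_from_reply("MAIL FROM:<user@example.org> SIZE=1048576"))
```

A client that does not declare SIZE still gets 250 here, so the server has to count bytes during DATA as well; the declared value only lets it refuse early.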

* Re: Filter by Packet's size
From: Michael Fernández M @ 2008-02-18 14:41 UTC
To: casper; +Cc: netfilter

On Mon, 2008-02-18 at 16:32 +0200, Покотиленко Костик wrote:
> On Mon, 18/02/2008 at 10:59 -0300, Michael Fernández M wrote:
> > On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote:
> > > On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> > > > Hi,
> > > >
> > > > Is there a way to filter a packet by the size of it? I mean, I would
> > > > like to filter all the packets that have a size of 2 MB.
> > > >
> > > > Is that possible?
> > > >
> > > > Thanks for any answer.
> > >
> > > iptables -m length --length 0:1024
> > >
> > > But let me admit that normal packet length is up to 1500 bytes, in some
> > > cases up to 65535 bytes. Maybe you didn't correctly face the question?
> > >
> >
> > Yeah, I know... but the thing is:
> >
> > I have a mail server (Postfix), and if I restrict the size of messages
> > up to 2 MB.. then a user sends an email (3 MB) and Postfix receives the
> > message and then says: "You cannot send this message because of the
> > size"... and sends a notification to the user... so I want to stop the
> > packets before they arrive at Postfix... and take this load off the
> > mail server...
>
> 1. You are mixing up 2 things: size of email (~tcp stream size) and
> packet size. When you send an email of 3Mb size the process that is
> happening is: tcp connection is being established (by sending some tcp
> packets) and your message (protocol smtp) is being sent split by packets
> (commonly) 1500 bytes long.
> 2. iptables deals on ip/tcp level and knows nothing about high protocols
> such as smtp. The exception is iptables' level7 filter, which is not
> really a good idea.
>
> Finally, the right place to solve this situation is really in your
> smtp-server (postfix).

Mmm, well, thanks a lot for your help and time. It's very clear..

Michael.-