* Filter by Packet's size
From: Michael Fernández M @ 2008-02-18 12:25 UTC (permalink / raw)
To: netfilter
Hi,
Is there a way to filter a packet by its size? I mean, I would
like to filter all the packets that have a size of 2 MB.
Is that possible?
Thanks for any answer.
Michael.-
* Re: Filter by Packet's size
From: Покотиленко Костик @ 2008-02-18 13:36 UTC (permalink / raw)
To: Michael Fernández M; +Cc: netfilter
On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> Hi,
>
> Is there a way to filter a packet by its size? I mean, I would
> like to filter all the packets that have a size of 2 MB.
>
> Is that possible?
>
> Thanks for any answer.
iptables -m length --length 0:1024
But let me admit that normal packet length is up to 1500 bytes, in some
cases up to 65535 bytes. Maybe you didn't correctly face the question?
--
Покотиленко Костик <casper@meteor.dp.ua>
* Re: Filter by Packet's size
From: Michael Fernández M @ 2008-02-18 13:59 UTC (permalink / raw)
To: casper; +Cc: netfilter
On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote:
> On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> > Hi,
> >
> > Is there a way to filter a packet by its size? I mean, I would
> > like to filter all the packets that have a size of 2 MB.
> >
> > Is that possible?
> >
> > Thanks for any answer.
>
> iptables -m length --length 0:1024
>
> But let me admit that normal packet length is up to 1500 bytes, in some
> cases up to 65535 bytes. Maybe you didn't correctly face the question?
>
Yeah, I know... but the thing is:
I have a mail server (Postfix), and if I restrict the size of messages
up to 2 MB.. then a user sends an email (3 MB) and Postfix receives the
message and then says: "You cannot send this message because of the
size"... and sends a notification to the user... so I want to stop the
packets before they arrive at Postfix... and take this load off the
mail server...
Is it better explained now?
Regards,...
Michael.-
* Re: Filter by Packet's size
From: Покотиленко Костик @ 2008-02-18 14:32 UTC (permalink / raw)
To: Michael Fernández M; +Cc: netfilter
On Mon, 18/02/2008 at 10:59 -0300, Michael Fernández M wrote:
> On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote:
> > On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> > > Hi,
> > >
> > > Is there a way to filter a packet by its size? I mean, I would
> > > like to filter all the packets that have a size of 2 MB.
> > >
> > > Is that possible?
> > >
> > > Thanks for any answer.
> >
> > iptables -m length --length 0:1024
> >
>
> > But let me admit that normal packet length is up to 1500 bytes, in some
> > cases up to 65535 bytes. Maybe you didn't correctly face the question?
> >
>
> Yeah, I know... but the thing is:
>
> I have a mail server (Postfix), and if I restrict the size of messages
> up to 2 MB.. then a user sends an email (3 MB) and Postfix receives the
> message and then says: "You cannot send this message because of the
> size"... and sends a notification to the user... so I want to stop the
> packets before they arrive at Postfix... and take this load off the
> mail server...
1. You are mixing up 2 things: the size of the email (~tcp stream size) and
the packet size. When you send an email of 3Mb size, the process that is
happening is: a tcp connection is being established (by sending some tcp
packets) and your message (protocol smtp) is being sent split into packets
(commonly) 1500 bytes long.
2. iptables works at the ip/tcp level and knows nothing about higher protocols
such as smtp. The exception is iptables' level7 filter, which is not really
a good idea.
Finally, the right place to solve this situation is really in your
smtp-server (postfix).
--
Покотиленко Костик <casper@meteor.dp.ua>
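Added example, not part of the original thread or any poster's code: a small Python model of the point made in the reply above. It splits the 3 MB message from the thread into packets under an assumed 1500-byte MTU with 40 bytes of IPv4/TCP headers, applies a per-packet range test like the `length` match, and contrasts it with a check on the SMTP SIZE parameter (RFC 1870) at MAIL FROM; function names, sample addresses and reply text are constructed.

```python
import re

MTU = 1500            # assumed Ethernet MTU, the "1500 bytes" from the thread
HEADERS = 40          # assumed 20-byte IPv4 + 20-byte TCP headers, no options
MSS = MTU - HEADERS   # TCP payload bytes carried per packet

LIMIT = 2 * 1024 * 1024   # the 2 MB message limit from the thread
EMAIL = 3 * 1024 * 1024   # the 3 MB message from the thread


def packet_lengths(stream_bytes):
    """IP packet lengths for a TCP stream of stream_bytes, split at the MSS.

    Handshake, ACK and SMTP command packets are ignored in this model.
    """
    full, rest = divmod(stream_bytes, MSS)
    lengths = [MTU] * full
    if rest:
        lengths.append(rest + HEADERS)
    return lengths


def count_matches(stream_bytes, lo, hi):
    """How many packets a per-packet range test lo:hi would match."""
    return sum(lo <= n <= hi for n in packet_lengths(stream_bytes))


def mail_from_reply(line, limit):
    """Decide at MAIL FROM, before any message data is sent, using SIZE=."""
    m = re.search(r"\bSIZE=(\d+)\b", line, re.IGNORECASE)
    if m and int(m.group(1)) > limit:
        return "552 message size exceeds fixed limit"  # constructed reply text
    return "250 OK"


if __name__ == "__main__":
    pkts = packet_lengths(EMAIL)
    print(len(pkts), "packets, largest is", max(pkts), "bytes")
    # No single packet is anywhere near 2 MB, so a 2 MB threshold matches nothing.
    print("packets of 2 MB or more:", count_matches(EMAIL, LIMIT, 65535))
    # The 0:1024 range from the thread only catches the short final packet.
    print("packets within 0:1024:", count_matches(EMAIL, 0, 1024))
    # Constructed SMTP command lines; the sender declares the size up front.
    print(mail_from_reply("MAIL FROM:<user@example.org> SIZE=3145728", LIMIT))
    print(mail_from_reply("MAIL FROM:<user@example.org> SIZE=1000", LIMIT))
```

A client is not required to declare SIZE, so the server-side limit still has to be enforced when the data arrives.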
* Re: Filter by Packet's size
From: Michael Fernández M @ 2008-02-18 14:41 UTC (permalink / raw)
To: casper; +Cc: netfilter
On Mon, 2008-02-18 at 16:32 +0200, Покотиленко Костик wrote:
> On Mon, 18/02/2008 at 10:59 -0300, Michael Fernández M wrote:
> > On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote:
> > > On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> > > > Hi,
> > > >
> > > > Is there a way to filter a packet by its size? I mean, I would
> > > > like to filter all the packets that have a size of 2 MB.
> > > >
> > > > Is that possible?
> > > >
> > > > Thanks for any answer.
> > >
> > > iptables -m length --length 0:1024
> > >
> >
> > > But let me admit that normal packet length is up to 1500 bytes, in some
> > > cases up to 65535 bytes. Maybe you didn't correctly face the question?
> > >
> >
> > Yeah, I know... but the thing is:
> >
> > I have a mail server (Postfix), and if I restrict the size of messages
> > up to 2 MB.. then a user sends an email (3 MB) and Postfix receives the
> > message and then says: "You cannot send this message because of the
> > size"... and sends a notification to the user... so I want to stop the
> > packets before they arrive at Postfix... and take this load off the
> > mail server...
>
> 1. You are mixing up 2 things: the size of the email (~tcp stream size) and
> the packet size. When you send an email of 3Mb size, the process that is
> happening is: a tcp connection is being established (by sending some tcp
> packets) and your message (protocol smtp) is being sent split into packets
> (commonly) 1500 bytes long.
> 2. iptables works at the ip/tcp level and knows nothing about higher protocols
> such as smtp. The exception is iptables' level7 filter, which is not really
> a good idea.
>
> Finally, the right place to solve this situation is really in your
> smtp-server (postfix).
Mmm, well, thanks a lot for your help and time. It's very clear..
Michael.-
>