search for: l7dir

...nd slack 10.1) Here is my iptables test script: #!/bin/bash iptables -F iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j ACCEPT iptables -A INPUT -i eth0 -p tcp -m layer7 --l7dir /home/dda/l7dir --l7proto http -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp -m layer7 --l7dir /home/dda/l7dir --l7proto http -j ACCEPT iptables -A INPUT -i eth0 -p udp -m layer7 --l7dir /home/dda/l7dir --l7proto dns -j ACCEPT iptables -A OUTPUT -o eth0 -p udp -m layer7 --l7dir /home/dda/l7dir --l7...

Hi, I have simple question about Skype. What are the methods of selecting packets which belongs to Skype?? I know about 7layer but I don''t belive that is only way. Is 7layer realy good and stable solution for routers which must handle more than 1000 users ? Thanks in advance Pozdrawiam Szymon Turkiewicz

...ns) -compiled and installed kernel Now I tried to mark some packets with layer 7 so that I can shape them with tc afterwards. But nothing changed, outgoing connection still didn''t changed. So I changed the line in the iptables-script to this: $IPTABLES -t filter -A OUTPUT -m layer7 --l7dir /etc/l7-protocols --l7proto ftp -j DROP before it was: $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK --set-mark 322 but nothing of them worked (I could still connect over ftp). The /proc/net/layer7_numpackets is 08 (don''t know which 8 packets got identified ther...

...ssh connection rule $IPT -t mangle -A MYOUT -p tcp --sport ssh -j CLASSIFY --set-class 1:20 $IPT -t mangle -A MYOUT -p tcp --dport ssh -j CLASSIFY --set-class 1:20 # outgoing P2P rules -- these are close to last b/c they use relatively costly layer 7 matching $IPT -t mangle -A MYOUT -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto directconnect -j CLASSIFY --set-class 1:40 $IPT -t mangle -A MYOUT -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto fasttrack -j CLASSIFY --set-class 1:40 # outgoing default rule - unmarked packets get schleped into lowest prio $IPT -t mangle -A MYOUT...