similar to: Marks not working...

Hi, I''m using following rule in /etc/shorewall/rules REJECT:ULOG:P2P loc net ipp2p:all ipp2p iptables -L : Chain loc2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ULOG all -- anywhere anywhere ipp2p v0.8.2--ipp2p ULOG

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

Hi, I get this error when trying to insmod the ipp2p kernel module: "insmod: error inserting ''ipt_ipp2p.ko'': -1 Invalid module format" in the kernel log: "ipt_ipp2p: disagrees about version of symbol struct_module" Kernel version 2.6.20.4 iptables version: 1.3.5 ipp2p version: 0.8.2 (latest) Anyone tried ipp2p with kernel 2.6.20? Best Regards Niclas

Hello, loading conntrack resolve my problem ... layer 7 have got a dependency with conntrack but doesn''t load it automaticaly... so module is loaded but no packets match with l7-protocols ... reported as a bug http://sourceforge.net/tracker/index.php?func=detail&aid=1596065&group_id=80085&atid=558668 regards ArcosCom Linux User a écrit : > With: >

Hello list, I''m newbie in this list. Well, i''m going crazy with ipp2p. Googling i find a mini-howto but i''ve got problems. 1) Download: * iptables-dev (apt-get) * kernel-headers-2.x.x (your kernel, "uname -r") * src of your iptables (iptables -V and apt-get source) * ipp2p-0.8.0.tar.gz (stable) 2) untar ipp2p and cd ipp2p 3) Edit Makefile, if it''s

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

Hi I using ipp2p to block p2p traffic. How to enable to use p2p to me host in my net ? I using this setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP This setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -d ! mynet -j DROP iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -s ! mynet -j DROP not

Hello every body: I have RedHat fedora core 2 machine, using iptables and squid. I am having a lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have installed ipp2p from rpm. Every thing was ok until I use iptables rules. I get this error. [root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP iptables: No chain/target/match by that name sames

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following

Hello, can anybody interpret what the following means: [root@funke ipp2p-0.8.0]# iptables -t mangle -A MarkList0x666-ipp2p -p tcp -m ipp2p --edk -j MarkSet0x666 iptables: Unknown error 4294967295 ----- I have installed ipp2p-0.8.0 via: make copied ipt_ipp2p.ko to my kernel lib dir copied libipt_ipp2p.so to my iptables lib dir insmod ipt_ipp2p gives the following in dmesg: IPP2P v0.8.0

Hi, I''ve a linux as router nat + firewall (POLICY DROP for INPUT OUTPUT and FORWARD) but, I''ve put next rules for p2p software on FORWARD chain [... snip ... ] iptables -F FORWARD iptables -P FORWARD DROP iptables -A FORWARD -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -p tcp --dport 25 -j ACCEPT [... snip ... ] iptables -A FORWARD -m ipp2p --ipp2p -j ACCEPT iptables -A

Hi all, We are trying to upgrade to iptables 1.4.1+ however the ipp2p module now it is included in the xtables-addons modules. In the xtables-addons modules the commad line for ipp2p is changed and the -m ipp2p --ipp2p option is not supported anymore .... instead the maintainer requires that we use -m ipp2p --bit ... -m ipp2p --kaza for each different P2P protocol. as a result shorewall does

Hi, if I want to block ALL p2p traffic, ( bit torrent and apple included )... which is better ? # iptables -A FORWARD -p tcp -m ipp2p --ipp2p --bit --apple -j DROP or... # iptables -A FORWARD -p tcp -m ipp2p --ipp2p -j DROP # iptables -A FORWARD -p tcp -m ipp2p --bit -j DROP # iptables -A FORWARD -p tcp -m ipp2p --apple -j DROP ??? bests andres

I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there interest in ipp2p support in Shorewall? While the ipp2p code is not part of the standard kernel.org distributions, my experience is that it is very easy to install and I would be willing to provide support for it if there is interest. See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for information about ipp2p. - -Tom - -- Tom

Hello, I''m trying to use iptables rules to prioritize p2p trafic. I use ipp2p-0.8 but it give me errors : Ipt-ipp2p : unknow symbol ntohl Ipt-ipp2p : unknow symbol ntohs When i compiled ipp2p it gave me warnings : "ntohs" …/ipt-ipp2p.ko undefined "ntohl" …/ipt-ipp2p.ko undefined Any suggestion ? gege

Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the

On the ipp2p web site, on the download section (http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html) there is no kernel patch for ipp2p 0.5c or for ipp2p 0.6. Just the source for the iptables module. Is there something missing ? Do I not have to patch the kernel for 0.5c or 0.6 ? jnk _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl

I think I''ve found a mistake in the http://www.shorewall.net/ipp2p.html documentation. I''ve been trying to get traffic shaping working on the p2p traffic (Using ipp2p and wonder shaper) and lossing clumps of hair in the process. I followed the web page documentation but the "tcpost" rule that clasifies the packet and actually starts the "castration"