similar to: Modules

Hi! How I can use L7-Filter (http://l7-filter.sourceforge.net/) with Shorewall? Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

Hi all, I have found problems in p2p traffic detection. The ipp2p module works fine but in shorewall the rules written for this protocols never match because the initials p2p connection (login) match in ''-m state --state RELATED,ESTABLISHED -j ACCEPT'' rule before ''-m ipp2p --ipp2p -j DROP'' rule, so netfilter never filter p2p traffic. I have had to run

I had been using L7-Filter[1] successfully for edonkey/eMule traffic until recently. I upgraded to the latest release of mldonkey, 2.5.28a, which implements eMule compatibility, and with support for Kademlia[2] enabled, network latency increases greatly. [1] http://l7-filter.sourceforge.net/ [2] http://www.infoanarchy.org/wiki/wiki.pl?Kademlia Has anyone created a new pattern match for

hi all, I''m writing not for technical problems but for a simple question. Do You know if there is a distro which is ready for traffic shaping etc. ''out of the box''? I mean a distro which does not require patching the kernel and/or iptables and/or installing from source etc. and gives the user most of the tools needed (imq, ipp2p, l7filter and so on). many thanks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there interest in ipp2p support in Shorewall? While the ipp2p code is not part of the standard kernel.org distributions, my experience is that it is very easy to install and I would be willing to provide support for it if there is interest. See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for information about ipp2p. - -Tom - -- Tom

Hi! I''m wondering whether anyone has successfully set up a bandwidth control system using ipp2p and shorewall. I have been able to drop connecions altogether, but I don''t seem to be able to get CONNMARK working with ipp2p. Any pointers would be greatly appreciated :) ______________________________ Mario R. Pizzolanti

The shorewall work with l7-filter? _____________________________________________________ Keny Hayakawa Schmeling Diretor Comercial/Administravivo Tel: 5566-1465 Fax: 5566-6541 http://www.optinfo.com.br kenyhs@optinfo.com.br _/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/_/ _/ _/ _/ _/ _/ _/

I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi, can anybody comment on the cost of matching with IPP2P vs. Layer7. Also, does a iptables rule with more complicated matching mechanism also slow down processing if all the packets are matched before they reach the rule. I.e. is the mere existence of a potentially costly rule already slowing down processing or only if packets are actually processed by it? Thanks very much in advance.

Hello I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or - between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers. When traffic increase. I''ve got this kind of error message : Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed. Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet. The server is celeron

Subject almost says it all, I wonder if there is a way for me to use iptables matches like l7 and/or ipp2p match in a bridge ( one ethernet in and one ethernet out ) ? Regards.

re I would like to do some firewalling and p2p shaping/limiting on one of the vlans in my network and I was thinking of using linux box as transparent bridged firewall/limiter. For this I''m planning to use AMD64 2.2Ghz box with 2 1gbit NIC (Broadcom 5721), that will be bridged. The box must be totally transparent and unseen in the network, as well as it should have much influence on

Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the

Hi, I''m using following rule in /etc/shorewall/rules REJECT:ULOG:P2P loc net ipp2p:all ipp2p iptables -L : Chain loc2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ULOG all -- anywhere anywhere ipp2p v0.8.2--ipp2p ULOG

After varying degrees of success with p2p detection modules, I would like to write the following rules using iptables to reliably identify p2p traffic: 1. If a host on the network has 5 or more simutaneous tcp connections to ports above 1024, mark all connections to ports 1024 and above as 60. 2. If a host has received (or sent) UDP packets from 5 different hosts'' ports above 1024 in a

I think I''ve found a mistake in the http://www.shorewall.net/ipp2p.html documentation. I''ve been trying to get traffic shaping working on the p2p traffic (Using ipp2p and wonder shaper) and lossing clumps of hair in the process. I followed the web page documentation but the "tcpost" rule that clasifies the packet and actually starts the "castration"

Hi peploe, i am new in the list, i need know, how blocked the Amule/emule in shorewall? My dist. debian version: 3.2.6-shorewall -- .~. / v \ Seja Livre, use GNU/Linux! /( )\ ^^-^^ ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005.

Hi! Taking into consideration the great speed with which the use of P2P filesharing systems is expanding, is there any plan of including ipp2p and ipt_CONNTRACK support into shorewall? I''m sure that many admins managing gateways would be very happy about it... Thanx, -- Mario R. Pizzolanti <mario@zavood.ee> Zavood O?