> another thing..this rule just filters the initial download request..that
> would be okay if you want to filter completely, but if you want to slow
> down (i mean using tc/htb/fwmarks) you wouldn't be matching the whole
> download, only the request...
>
>iptables -t mangle -A PREROUTING -p tcp -m string --string "Kazaa" -j DROP
>
> any comment, any idea?

you can use the iptables connmark extension (from patch-o-matic) to mark all
packets from a connection, ie:

iptables -t mangle -N detect-abusers
#if string kazaa detected then connection will be marked
iptables -t mangle -A detect-abusers -m string --string 'KaZaA' -j CONNMARK --set-mark 0x1
#check if connection is marked, if not inspect packet
iptables -t mangle -A PREROUTING -m connmark --mark 0x0 -j detect-abusers
#set packet mark with those from connmark
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

and now you can use:

tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw classid your_kazaa_class

i don't use string match so i'm not sure if that would work - personally i
detect "abusers" by destination port (well known ports http/smtp/pop3 are
allowed at full speed)

HTH
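
Added example (not part of the original message or of netfilter): a toy Python model of the three PREROUTING rules above, run over constructed packets, showing which packets a bare string match hits versus which end up carrying fwmark 1 once the connection mark is restored. The addresses, ports, payloads and function names are all assumptions made for the illustration.

```python
# Toy model of the mangle/PREROUTING rules from the reply above.
# Packets and the "conntrack table" are constructed; this is not netfilter code.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport payload")

def conn_key(p):
    # conntrack treats both directions of a flow as one connection
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def per_packet_match(packets, needle=b"KaZaA"):
    """String match alone: only packets that carry the string are hit."""
    return [needle in p.payload for p in packets]

def connmark_rules(packets, needle=b"KaZaA"):
    """Walk each packet through the three rules; return its final fwmark."""
    connmark = {}  # connection -> connection mark (0 when unset)
    fwmarks = []
    for p in packets:
        key = conn_key(p)
        # -m connmark --mark 0x0 -j detect-abusers
        if connmark.get(key, 0) == 0:
            # -m string --string 'KaZaA' -j CONNMARK --set-mark 0x1
            if needle in p.payload:
                connmark[key] = 1
        # -j CONNMARK --restore-mark: copy connection mark to packet mark
        fwmarks.append(connmark.get(key, 0))
    return fwmarks

# Constructed sample traffic: one transfer containing the string, one other flow.
SAMPLE = [
    Packet("10.0.0.5", 40000, "192.0.2.9", 5000, b""),                    # handshake
    Packet("10.0.0.5", 40000, "192.0.2.9", 5000, b"request ... KaZaA"),   # request
    Packet("192.0.2.9", 5000, "10.0.0.5", 40000, b"\x00" * 1400),         # download data
    Packet("10.0.0.7", 40001, "198.51.100.3", 80, b"GET / HTTP/1.1\r\n"), # unrelated flow
    Packet("192.0.2.9", 5000, "10.0.0.5", 40000, b"\x01" * 1400),         # download data
]

if __name__ == "__main__":
    hits, marks = per_packet_match(SAMPLE), connmark_rules(SAMPLE)
    for p, hit, mark in zip(SAMPLE, hits, marks):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} string-hit={hit} fwmark={mark}")
```

Packets seen before the string appears (the handshake here) stay unmarked, so the shaping class only applies from the matching packet onward.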