From the docs I've read, the U32 classifier itself can do this. May be worthwhile investigating.

Mohan

-----Original Message-----
From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx]On Behalf Of Julien Gateaud
Sent: Friday, August 29, 2003 1:07 PM
To: Stef Coene; Derek; lartc@xxxxxxxxxxxxxxx
Subject: Re: Layer 7 application blocking via tc/iptables?

On Thu, 28 Aug 2003 19:54:41 +0200, Stef Coene <stef.coene@xxxxxxxxx> wrote:

> On Wednesday 27 August 2003 22:25, Derek wrote:
>> Hi All,
>>
>>
>> I hope this is the correct place to ask about this, but can someone give
>> me an example of blocking a certain application via the layer 7 patch
>> and iproute/iptables?
>>
>> For more of a specific example, I'm trying to block certain instant
>> messaging clients on my network, and I have yet to find a way to do it
>> (using mark or otherwise).
>>
>> Any help would be greatly appreciated!
> Iptables can look at the packet contents. If you know how the clients
> are negotiating with the servers, you can block these packets. Or try to
> find out the ports and ip addresses and block these.
>
> Stef
>

In patch-o-matic there is a module called string which matches if a string is present in the payload. Maybe you could use that, but I can't say if it's stable or not.

--
Julien Gateaud
Security Keepers S.A.

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
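Added example, not written by any poster in this thread: a dry-run shell helper that builds the kind of iptables payload-matching rules the replies above point at, logging and then dropping forwarded TCP packets that contain a given string. The signature, port and log prefix are constructed placeholders, and the `--algo bm` option is an assumption that the string match shipped with current mainline iptables is in use; the 2003 patch-o-matic module may take different options.

```shell
#!/bin/sh
# Added example: build iptables rules that log and drop forwarded TCP
# packets whose payload contains a given string (the "string" match).
# The signature passed in is supplied by the operator; the one used in the
# usage line at the bottom is a constructed placeholder, not a real IM string.

DRY_RUN="${DRY_RUN:-1}"     # 1 = print the rules, 0 = apply them (needs root)
CHAIN="${CHAIN:-FORWARD}"   # assumption: this box routes the clients' traffic

# emit_rule ARGS... : print the iptables command, or run it when DRY_RUN=0
emit_rule() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables'
        for arg in "$@"; do printf " '%s'" "$arg"; done
        printf '\n'
    else
        iptables "$@"
    fi
}

# block_payload_string STRING [DPORT]
# Emits a LOG rule followed by a DROP rule with the same match, so every
# dropped packet leaves a log line that can be reviewed for false positives.
block_payload_string() {
    sig="$1"
    dport="${2:-}"
    if [ -z "$sig" ]; then
        echo "empty signature refused" >&2
        return 1
    fi
    set -- -A "$CHAIN" -p tcp
    if [ -n "$dport" ]; then
        # Narrowing to the known port keeps payload inspection off other traffic
        set -- "$@" --dport "$dport"
    fi
    set -- "$@" -m string --string "$sig" --algo bm
    emit_rule "$@" -j LOG --log-prefix "payload-match: "
    emit_rule "$@" -j DROP
}

# Usage (constructed values): block_payload_string 'EXAMPLE-IM-HELLO' 12345
```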