Hi there Derek,

There are two approaches to dropping traffic once you have identified
it.  I'll assume you have identified with an fwmark the traffic you wish
to drop.

 : After I got the byte patterns and such, how might I go about blocking
 : that? I can't very well set the rate to 0k or anything like that, so
 : I've been scratching my head on how to actually _block_ something with
 : iproute2.

You can route it to a blackhole or you can create a policer with a drop
action.  Here are some examples, assuming an fwmark of 7:

  # echo "7 blackhole" >> /etc/iproute2/rt_tables
  # ip route add blackhole default table blackhole
  # ip rule add fwmark 7 table blackhole

This creates a routing table number 7 called "blackhole", which contains
exactly one route, a default route to a blackhole.  Now, simply add a
rule to your RPDB to select this routing table for packets with fwmark 7,
and you are dropping all of these packets.

If you'd prefer to use a policer, you can use something like this
(untested):

  # tc filter add dev ppp0 parent 1:1 protocol ip \
  >   handle 6 fw flowid 1:8 \
  >   police rate 1bps burst 1 action drop/drop

With that said, why don't you just use a -j DROP netfilter target?
Wouldn't that be easier if you are already using netfilter?

Best of luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
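
The blackhole recipe from the reply above, made safe to re-run; this is an added example, not part of the original post. The names register_table, drop_marked, RT_TABLES, IP and the --apply flag are assumptions for illustration; it refuses to append "7 blackhole" when that id or name is already taken in rt_tables and does not add a duplicate RPDB rule.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent version of the
# blackhole-by-fwmark setup. Function and variable names are illustrative.
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
IP="${IP:-ip}"   # IP="echo ip" prints the commands instead of running them

# register_table ID NAME: ensure "ID NAME" is in $RT_TABLES exactly once.
# Returns 1 if the ID or the NAME is already bound to something else.
register_table() {
    id=$1; name=$2
    [ -r "$RT_TABLES" ] || { echo "cannot read $RT_TABLES" >&2; return 1; }
    status=$(awk -v id="$id" -v name="$name" '
        NF == 0 || $1 ~ /^#/     { next }              # blank or comment
        $1 == id && $2 == name   { s = "present"; exit }
        $1 == id || $2 == name   { s = "conflict"; exit }
        END { print (s == "" ? "absent" : s) }' "$RT_TABLES")
    case $status in
        present)  return 0 ;;
        absent)   printf '%s\t%s\n' "$id" "$name" >> "$RT_TABLES" ;;
        *)        echo "$RT_TABLES: id $id or name $name in use" >&2; return 1 ;;
    esac
}

# drop_marked MARK TABLE: blackhole default route plus the RPDB rule,
# adding the rule only if `ip rule show` does not already list it.
drop_marked() {
    mark=$1; table=$2
    want="fwmark $(printf '0x%x' "$mark") lookup $table"
    $IP route replace blackhole default table "$table" || return 1
    if ! $IP rule show | grep -q "$want"; then
        $IP rule add fwmark "$mark" table "$table" || return 1
    fi
}

# Run as root with --apply; the defaults are the values used in the post.
if [ "${1:-}" = "--apply" ]; then
    register_table 7 blackhole && drop_marked 7 blackhole
fi
```

Setting IP="echo ip" and pointing RT_TABLES at a scratch copy shows what would be changed without touching the routing tables.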