Hi there,
I have a little problem. I had this some months ago but didn't solve it back then. I have patched my kernel with Layer 7 support and patched my iptables to support it, too.
Now I inserted this line in my firewall script on my router for testing purposes:
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP
It works, BUT only if the connection is established by a PC BEHIND the router (the connection is blocked). If I try to establish an HTTP connection from the router itself, it works completely (layer 7 is NOT working, the connection is working; that's what I wanted to say *g*).
Now I changed the line above to this:
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --dport 80 -j DROP
and there, it works in BOTH cases. But that's no solution, as I need Layer 7 for router connections too. I also tried ftp as the layer7 protocol, same thing.
Does anyone have an idea why this is happening?
Thanks in advance.
-FB
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/