Thanks!
Now it works :)
But I have another little problem: I need 2(3) different chains (one for traffic only from the router (done by this chain), one for the complete traffic generated from router AND computers behind the router and one for connections only established from computers behind the router).
Any ideas how to accomplish that?
-FB
George Alexandru Dragoi wrote:
Try this:
iptables -t mangle -N local
iptables -t mangle -A INPUT -i $INET_IFACE -j local
iptables -t mangle -A OUTPUT -o $INET_IFACE -j local
iptables -t mangle -A local -p tcp -m layer7 --l7proto http -j DROP
I only think it may work. I say this because local packets pass through INPUT and OUTPUT, while routed packets will always pass POSTROUTING (and l7-filter needs to make a match both ways: incoming and outgoing packets).
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
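
Added example, not part of the original thread: the hook reasoning in the quoted reply, carried over to the three traffic classes asked about, as a script that prints a mangle-table rule set in iptables-restore format. The chain names routed and all_inet and the function name are hypothetical, and "computers behind the router" is taken to mean forwarded traffic, which is an assumption.

```shell
#!/bin/sh
# Added example: prints rules only, loads nothing, needs no root.
# Chain "local" is from the thread; "routed" and "all_inet" are hypothetical names.

emit_mangle_chains() {
    iface=$1
    # Reject empty or unsafe interface names before they end up in a rule.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    # Linux interface names are at most 15 characters.
    [ "${#iface}" -le 15 ] || { echo "interface name too long" >&2; return 1; }

    cat <<EOF
*mangle
:local - [0:0]
:routed - [0:0]
:all_inet - [0:0]
# 1) Router only: packets delivered to it (INPUT) or generated by it (OUTPUT).
-A INPUT -i $iface -j local
-A OUTPUT -o $iface -j local
# 2) Forwarded only: both directions of routed traffic pass FORWARD.
-A FORWARD -i $iface -j routed
-A FORWARD -o $iface -j routed
# 3) Everything: inbound packets pass PREROUTING, outbound ones POSTROUTING.
-A PREROUTING -i $iface -j all_inet
-A POSTROUTING -o $iface -j all_inet
COMMIT
EOF
}

# Print the rule set for a constructed interface name.
emit_mangle_chains eth0
```

Each chain sees both directions on the external interface, which is what the layer7 match needs. Load the output with iptables-restore --noflush so existing mangle rules are kept, then append the matching rules to the chain you want.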