On Thu, 2006-06-22 at 09:21 +0200, gerald HUET wrote: > hello, > > I try to use iptables rules to drop skype trafic. The > iptables rule is : > iptables -I FORWARD -p udp -m length --length 39 -m > u32 --u32 '27&0x8f=7' --u32 '31=0x01020304' -j ACCEPT Interesting match... but doesn't skype work on TCP, too, if UDP doesn't work? I've been told it even runs over http proxy, when there's no direct internet connection available. > the problem I encounter is that i can't have the match > u32 for iptables. Could someone help me ? Yes, the u32 match is in the netfilter patch-o-matic repository. You can get the new iptables and patch-o-matic code using subversion, like this: svn co http://svn.netfilter.org/netfilter/trunk/iptables svn co http://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng After that, you need to prepare kernel sources and use the 'runme' script in patch-o-matic-ng to patch iptables and your kernel sources. Hth, Torsten _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
