On Friday 09 July 2004 9:56 pm, FB wrote:
> (BTW: when I use the setting from the NETFILTER HOWTO page:
>
> iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j MARK
> --set-mark 1
>
> and change it (as written in the howto under "blocking") to:
> iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j REJECT
I'm not too impressed with a HOWTO which recommends the REJECT target for a
rule in the mangle table...
REJECT should be done in the filter tables. mangle tables are for modifying
strange things about packets (such as MARKs).
Sorry I can't offer any specific help regarding the layer7 patch, but I've not
used it.
Maybe some LOGging rules would help you?
Regards,
Antony.
--
Wanted: telepath. You know where to apply.
Please reply to the list;
please don't CC me.
