On Tuesday, 23 January 2007 at 12:53 +0100, Michal Martinek wrote:
> Thanks for help, I've already written some userspace packet analyzer
> acting as a NFQUEUE target, but the problem is, that not all of the
> packets I'd like to handle (mostly drop) are recognizable. It is a video
> stream, in which I can detect only some "key packets", but the rest
> remains unclear.

OK, so if I understand you correctly... You have a video stream containing
key packets you can spot. This video stream occurs on non-predictable ports.

First solution, and apologies to Gáspár, use string match to identify your
key packets. Then mark the entire connection using CONNMARK and drop it.
Something like:

    iptables -t mangle -A FORWARD -m string --algo bm --string "yourmagic" \
        -j CONNMARK --set-mark 0x1
    iptables -A FORWARD -m connmark --mark 0x1 -j DROP

This means once you've detected a key packet, you'll drop it as well as all
further packets from the same connection.

Second solution, you write a helper. Maybe I don't quite get your
situation, but this stream does not come from nowhere. Its ports have to be
negotiated in some previous connection so your client application can open
the right port. Thus, your helper would follow this negotiation connection
to identify on the fly streaming ports and block the entire video stream.

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
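The first solution above relies on two netfilter behaviours that are easy to get wrong when reasoning about them: the connection mark is stored on the conntrack entry, so it applies to both directions of the flow, and nothing is dropped until the first key packet has been seen. The following userspace simulation, added here as an illustration and not code from the thread or from netfilter, models exactly that: a conntrack-style table keyed on the direction-independent 5-tuple, a mark set when the payload contains the signature, and a DROP verdict for every later packet of a marked connection. The `Packet` type, the signature `b"yourmagic"` and the sample packets are constructed for the demo.

```python
"""Simulation of the string-match + CONNMARK drop rule from the thread.

Added example code, not netfilter or the list author's code.  It models:
  mangle/FORWARD: -m string --string "yourmagic" -j CONNMARK --set-mark 0x1
  filter/FORWARD: -m connmark --mark 0x1 -j DROP
on top of a tiny conntrack-like table keyed on the bidirectional 5-tuple.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

MAGIC = b"yourmagic"   # constructed signature, stands in for --string "yourmagic"
MARK_DROP = 0x1        # stands in for --set-mark 0x1 / --mark 0x1

# (lower endpoint ip, port, higher endpoint ip, port, proto) so that both
# directions of a flow resolve to the same conntrack entry.
ConnKey = Tuple[str, int, str, int, str]


@dataclass
class Packet:
    """Constructed packet model: just the 5-tuple and the L4 payload."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes


def conn_key(p: Packet) -> ConnKey:
    """Direction-independent key, mimicking a conntrack tuple lookup."""
    a = (p.src, p.sport)
    b = (p.dst, p.dport)
    lo, hi = (a, b) if a <= b else (b, a)
    return (lo[0], lo[1], hi[0], hi[1], p.proto)


class ConnmarkFilter:
    """Applies the two FORWARD rules in order to a stream of packets."""

    def __init__(self, magic: bytes = MAGIC) -> None:
        self.magic = magic
        self.marks: Dict[ConnKey, int] = {}  # conntrack entry -> connmark

    def verdict(self, p: Packet) -> str:
        key = conn_key(p)
        # Rule 1 (mangle): string match on the payload sets the connection mark.
        if self.magic in p.payload:
            self.marks[key] = MARK_DROP
        # Rule 2 (filter): any packet of a marked connection is dropped,
        # including the key packet itself and traffic in the other direction.
        if self.marks.get(key, 0) == MARK_DROP:
            return "DROP"
        return "ACCEPT"


def run(packets: List[Packet]) -> List[str]:
    """Return the verdict for each packet, in order."""
    f = ConnmarkFilter()
    return [f.verdict(p) for p in packets]


# Constructed sample: one video flow that reveals its key packet on the
# third packet, plus an unrelated flow that must stay untouched.
SAMPLE = [
    Packet("10.0.0.5", 40000, "192.0.2.10", 5004, "udp", b"setup"),       # before key packet
    Packet("192.0.2.10", 5004, "10.0.0.5", 40000, "udp", b"ok"),          # reverse direction
    Packet("192.0.2.10", 5004, "10.0.0.5", 40000, "udp", b"\x00yourmagic\x01"),  # key packet
    Packet("10.0.0.5", 40000, "192.0.2.10", 5004, "udp", b"ack"),         # client side, now marked
    Packet("192.0.2.10", 5004, "10.0.0.5", 40000, "udp", b"frame data"),  # rest of the stream
    Packet("10.0.0.7", 51000, "192.0.2.10", 5004, "udp", b"hello"),       # unrelated flow
]

if __name__ == "__main__":
    for p, v in zip(SAMPLE, run(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {p.payload!r}: {v}")
```

The two packets exchanged before the key packet are accepted, which is the practical limit of this approach: whatever the stream sends before its first recognisable packet reaches the client. Everything after the mark is dropped in both directions, so the client side's replies are cut as well, which is usually what you want for a stream you intend to block outright.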