В Пнд, 18/02/2008 в 10:59 -0300, Michael Fernández M пишет: > On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote: > > В Пнд, 18/02/2008 в 09:25 -0300, Michael Fernández M пишет: > > > Hi, > > > > > > Is there a way to filter a picket by the size of it?, i mean I Would > > > like to filter all the packet hat it size 2 MB. > > > > > > Is that possible? > > > > > > Thanks to any answer. > > > > iptables -m length --length 0:1024 > > > > > But let me admit that normal packet length is up to 1500 bytes, in some > > cases up to 65535 bytes. Maybe you didn't correctly face the question? > > > > Yea, i know... but the thing is: > > I have a mail server (Postfix), and if I restrict the size of messages > up to 2 MB.. then a user send an email (3 MB) and Postfix receive the > message an then say: "You cannot send this message because of the > size"... and send a notification to the user... so I want to stop the > packets before them arrives to Postfix... and take off this load to the > mail server... 1. You are mixing up 2 things: size of email (~tcp tream size) and packet size. When you send an email of 3Mb size the process that is happening is: tcp connection is being established (by sendning some tcp packets) and your message (protocol smtp) is being sent split by packets (commonly) 1500 bytes long. 2. iptables deals on ip/tcp level and know nothing about high protocols such as smtp. Exclusion is iptables' level7 filter, which is not really good idea. Finaly , the right place to solve this situation is really in your smtp-server (postfix). -- Покотиленко Костик <casper@xxxxxxxxxxxx> - To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
