On Mon, 2008-02-18 at 16:32 +0200, Покотиленко Костик wrote:
> On Mon, 18/02/2008 at 10:59 -0300, Michael Fernández M wrote:
> > On Mon, 2008-02-18 at 15:36 +0200, Покотиленко Костик wrote:
> > > On Mon, 18/02/2008 at 09:25 -0300, Michael Fernández M wrote:
> > > > Hi,
> > > >
> > > > Is there a way to filter a packet by its size? I mean, I would
> > > > like to filter all the packets that have a size of 2 MB.
> > > >
> > > > Is that possible?
> > > >
> > > > Thanks for any answer.
> > >
> > > iptables -m length --length 0:1024
> > >
> > > But let me admit that normal packet length is up to 1500 bytes, in some
> > > cases up to 65535 bytes. Maybe you didn't correctly face the question?
> > >
> >
> > Yeah, I know... but the thing is:
> >
> > I have a mail server (Postfix), and if I restrict the size of messages
> > up to 2 MB.. then a user sends an email (3 MB) and Postfix receives the
> > message and then says: "You cannot send this message because of the
> > size"... and sends a notification to the user... so I want to stop the
> > packets before they arrive at Postfix... and take this load off the
> > mail server...
>
> 1. You are mixing up 2 things: size of email (~tcp stream size) and
> packet size. When you send an email of 3Mb size the process that is
> happening is: tcp connection is being established (by sending some tcp
> packets) and your message (protocol smtp) is being sent split by packets
> (commonly) 1500 bytes long.
> 2. iptables deals on ip/tcp level and knows nothing about high protocols
> such as smtp. Exclusion is iptables' level7 filter, which is not really
> a good idea.
>
> Finally, the right place to solve this situation is really in your
> smtp-server (postfix).

mmm, well, thanks a lot for your help and time. It's very clear.

Michael.-
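Added example, not part of the original thread: a small Python model of the point made in the reply, showing that a per-packet length match sees the same packet sizes for a 1 MB and a 3 MB message, while an SMTP-level check on the ESMTP SIZE parameter (RFC 1870) can refuse the large one before any message data is sent. The 40-byte header overhead, the function names, the sample addresses and the reply strings are assumptions made for illustration.

```python
import re

MTU = 1500                 # typical packet size mentioned in the thread
IP_TCP_HEADERS = 40        # assumption: 20-byte IPv4 + 20-byte TCP header, no options
MSS = MTU - IP_TCP_HEADERS
LIMIT = 2 * 1024 * 1024    # the 2 MB limit from the question


def packet_lengths(message_bytes):
    """IP packet lengths that carry a TCP stream of message_bytes."""
    full, rest = divmod(message_bytes, MSS)
    lengths = [MTU] * full
    if rest:
        lengths.append(rest + IP_TCP_HEADERS)
    return lengths


def length_match(pkt_len, lo, hi):
    """What `-m length --length lo:hi` tests: the length of one packet only."""
    return lo <= pkt_len <= hi


def distinct_verdicts(message_bytes, lo, hi):
    """Set of per-packet match results seen while the message is in transit."""
    return {length_match(n, lo, hi) for n in packet_lengths(message_bytes)}


def mail_from_reply(line, limit=LIMIT):
    """SMTP-level check on the size the client declares in MAIL FROM."""
    m = re.search(r"\bSIZE=(\d+)\b", line, re.IGNORECASE)
    if m and int(m.group(1)) > limit:
        # Constructed reply text; refused before the DATA phase starts.
        return "552 message size exceeds fixed maximum message size"
    return "250 ok"


if __name__ == "__main__":
    for size in (1 * 1024 * 1024, 3 * 1024 * 1024):   # constructed sample sizes
        lens = packet_lengths(size)
        print(f"{size} bytes: {len(lens)} packets, largest {max(lens)},",
              f"length 0:1024 verdicts {distinct_verdicts(size, 0, 1024)}")
        print("  ", mail_from_reply(f"MAIL FROM:<user@example.com> SIZE={size}"))
```

In Postfix the limit is set with the `message_size_limit` parameter. The declared SIZE is only the client's claim, so the server still has to count the bytes it actually receives during DATA.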