On 29 July 2010 10:08, Portedaix <portedaix@xxxxxxxxx> wrote: > > Hello, > > QUESTION - SHORT VERSION : > Is there a way to have a rule equivalent to the one below which is for kernel 2.6.14 and above, with a linux kernel 2.6.9 ? > '#iptables -A INPUT -p udp -m udp --dport 5060 -m string --string "Cirpack KeepAlive Packet" --algo bm --to 65535 --source sip.ovh.net -j DROP' Looking on the various asterisk/digium mailing lists etc there are a number of discussions regarding cirpack - including a number of patchs for chan_sip. You might be better off patching chan_sip to handle them rather than discarding. The other option would be, depending on the headers etc, use something like the u32 match to discard them. -- Richard Horton Users are like a virus: Each causing a thousand tiny crises until the host finally dies. http://www.pbase.com/arimus - My online photogallery http://uk.linkedin.com/in/richardhorton1972 - My linkedin profile http://www.solstans.co.uk/richard - Online CV -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
