help on iptables
Luca Ferrari
fluca1978 at infinito.it
Thu Jul 3 14:29:29 UTC 2008
Hi all,
I'm trying to configure the l7 filter to block p2p traffic on our network. The
installation and configuration seems ok, and I've added (just to test) the
ssh protocol to the list of denied protocols. While running, I can see that
l7-filter is processing the ssh protocol, but iptables is not dropping the
packets (the connection is allowed). I've placed the following rules:
# create the chain that logs and drops classified traffic
$IPTABLES_CMD -N $P2P_CHAIN -v
$IPTABLES_CMD -A $P2P_CHAIN -j LOG --log-level debug --log-prefix "{ P2P DROPPED } " -v
$IPTABLES_CMD -A $P2P_CHAIN -j DROP -v
# hand forwarded packets to the l7-filter userspace daemon on queue 3
$IPTABLES_CMD -t mangle -A FORWARD -j NFQUEUE --queue-num 3 -v
# packets the daemon marked with 9 go to the drop chain
$IPTABLES_CMD -t filter -A FORWARD -m mark --mark 9 -j $P2P_CHAIN -v
What am I missing in the forward rules? It should drop any packet marked with
9, but I cannot see any packet logged and dropped.
Any suggestion?
Thanks,
Luca
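The quickest way to see where a setup like this stops working is the per-rule packet counters that `iptables -L -v -n` prints: if the NFQUEUE rule in mangle/FORWARD is counting but the `-m mark --mark 9` rule in filter/FORWARD stays at zero, packets are being queued but are not carrying the expected mark when they reach the filter table. The script below is an added example, not the poster's code: it parses two constructed `iptables -L FORWARD -v -n` listings (the sample text is made up for this example, not captured from any real host) and reports which rules never matched, so the same check can be run against real output piped in from the firewall.

```shell
#!/bin/sh
# Constructed sample output of `iptables -t mangle -L FORWARD -v -n`
# (hypothetical counters, not taken from the poster's machine).
MANGLE_FORWARD='Chain FORWARD (policy ACCEPT 4210 packets, 3192K bytes)
 pkts bytes target     prot opt in     out     source               destination
 4210 3192K NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 3'

# Constructed sample output of `iptables -t filter -L FORWARD -v -n`.
FILTER_FORWARD='Chain FORWARD (policy ACCEPT 4210 packets, 3192K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 P2P        all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x9'

# Print "<target> <match text>" for every rule in a listing whose packet
# counter is zero, i.e. rules that nothing has ever matched.
zero_hit_rules() {
    printf '%s\n' "$1" | awk '
        NR <= 2 { next }                 # skip the "Chain ..." line and the column header
        $1 == "0" {
            out = $3                     # target column
            for (i = 10; i <= NF; i++)   # everything after destination is match text
                out = out " " $i
            print out
        }'
}

# Count the rules in a listing that have matched at least one packet.
hit_rule_count() {
    printf '%s\n' "$1" | awk 'NR > 2 && $1 != "0" { n++ } END { print n + 0 }'
}

# Compare the queueing rule's counters with the mark rule's counters and
# say which stage of the pipeline is not seeing traffic.
diagnose() {
    queued=$(hit_rule_count "$1")
    marked=$(hit_rule_count "$2")
    if [ "$queued" = "0" ]; then
        echo "nothing reaches NFQUEUE: traffic is not traversing the FORWARD chain"
    elif [ "$marked" = "0" ]; then
        echo "packets are queued but none carry the mark: check the mark value l7-filter sets"
    else
        echo "mark rule is matching; look at the target chain's LOG/DROP counters next"
    fi
}

# Stand-alone run over the constructed samples.
echo "never-matched rules in filter/FORWARD:"
zero_hit_rules "$FILTER_FORWARD"
diagnose "$MANGLE_FORWARD" "$FILTER_FORWARD"
```

On a live box, replace the two constructed strings with `$(iptables -t mangle -L FORWARD -v -n)` and `$(iptables -t filter -L FORWARD -v -n)`; the counters reset with `iptables -Z`, so zero them, open one new connection of the protocol under test, and read them again.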