#14076: layer7 netfilter module is not created in recent trunk
----------------------+----------------------------------
Reporter: duvi | Owner: developers
Type: defect | Status: closed
Priority: normal | Milestone: Chaos Calmer (trunk)
Component: kernel | Version: Trunk
Resolution: wontfix | Keywords:
----------------------+----------------------------------
Comment (by ben@…):
A possible replacement for layer7 matching could be using the iptables
string match module instead. For example, I've used this to match
bittorrent traffic:
{{{
iptables -I p2pblock -m string --string "BitTorrent protocol" --algo bm -m
recent --rdest --set --name P2PBLOCK
iptables -I p2pblock -m string --string "BitTorrent protocol" --algo bm -m
limit --limit 1/minute -j LOG --log-prefix P2PBLOCK-seen-bitbm:
}}}
You could try this approach, porting the strings/patterns from the old
layer7 code.
--
Ticket URL: <https://dev.openwrt.org/ticket/14076#comment:47>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
