Layer 7 filtering

Captain Bubudiu bubudiu2005 at yahoo.co.uk
Wed Jun 29 18:24:18 UTC 2005 

 --- Ovidiu Lixandru <ovidiu at linux360.ro> wrote: 
> Hello.
> I've got a RedHat Linux 9 router which provides net
> for a LAN via DNAT. 
>   On this machine I plan to use layer 7 filtering in
> order to get rid of 
> some unwanted instant messaging and p2p protocols
> for some of the 
> internal IP's. So far, I've found l7-filter which
> seems to provide what 
> I need.
> I've rebuilt the iptables-1.2.9-2.3.1 srpm including
> the l7-filter patch 
> and it worked nicely.
> The ugly part comes with the kernel (2.4.20-8). I've
> deployed the srpm 
> and modified the spec to include the l7-filter
> patch. However, when it 
> comes to rebuilding the rpm (rpmbuild -bb --clean
> --target i686 
> kernel-2.4.spec), I get:
> 
>    Connection state match support
> (CONFIG_IP_NF_MATCH_STATE) [M/n/?]
>    Connection tracking match support
> (CONFIG_IP_NF_MATCH_CONNTRACK) [M/n/?]
>    Unclean match support (EXPERIMENTAL)
> (CONFIG_IP_NF_MATCH_UNCLEAN) [M/n/?]
>    Owner match support (EXPERIMENTAL)
> (CONFIG_IP_NF_MATCH_OWNER) [M/n/?]
>    Layer 7 match support (EXPERIMENTAL)
> (CONFIG_IP_NF_MATCH_LAYER7) 
> [N/m/?] (NEW)   Buffer size for application layer
> data (256-65536) 
> (CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN) [2048] (NEW)
> CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN:
> 
>     Size of the buffer that the application layer
> data is stored in.
>     Unless you know what you're doing, leave it at
> the default of 2048
>     Bytes.
>    Buffer size for application layer data
> (256-65536) 
> (CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN) [2048] (NEW)
> CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN:
> 
> ...and the message keeps repeating.
> At this point, I'm pondering whether to switch to a
> recent RHEL 2.6 
> kernel and try patching that or get some other layer
> 7 filtering 
> software which may work nicely with the RH 2.4.20
> kernel (is there any 
> other?).
> Any ideas and suggestions are welcome.
> Thanks.
> 
> -- 

Have you considered asking the dudes in the
fedora-legacy-list? (Given that RH9 is now in legacy)

----------------------------------------------------------------------
Fedora Core - The power of Open Source Now! Please search the archives and fedoraforum.org as the question is likely to have been asked before.

Catch me at http://members.lycos.co.uk/bubudiu/

Cheers
Captain Bubudiu


	
	
		
___________________________________________________________ 
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com

More information about the fedora-list mailing list