tailieunhanh - Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and filter, part 6
Neighbor/ARP table management is done using ip neighbor, which has a few expressively named commands: add, change, replace, delete, and flush. ip tunnel is used to manage tunneled connections. Tunnels can be gre, ipip, and

Chapter 5: Layer 7 Filtering

    router# cp ... /lib/modules/.../kernel/net/ipv4/
    router# depmod -a
    router# modinfo ipt_ipp2p
    filename:       /lib/modules/.../kernel/net/ipv4/...
    author:         Eicke Friedrich Klaus Degner ipp2p@
    description:    An extension to iptables to identify P2P traffic.
    license:        GPL
    vermagic:       preempt PENTIUMIII
    depends:        ip_tables

Next we need to load the module, and it's all set.

    router# modprobe ipt_ipp2p

Using IPP2P

IPP2P provides another match option for iptables, so the syntax is:

    iptables ... -m ipp2p --option ...

where option can be:

    Option    P2P network                Protocol      Quality
    --edk     eDonkey, eMule, Kademlia   TCP and UDP   very good
    --kazaa   KaZaA, FastTrack           TCP and UDP   good
    --gnu     Gnutella                   TCP and UDP   good
    --dc      Direct Connect             TCP only      good
    --bit     BitTorrent, extended BT    TCP and UDP   good
    --apple   AppleJuice                 TCP only      need feedback
    --winmx   WinMX                      TCP only      need feedback
    --soul    SoulSeek                   TCP only      good (need feedback)
    --ares    Ares, AresLite             TCP only      moderate (DROP only)

Another possibility is to use --ipp2p as the option, which matches all the protocols stated earlier. This new match option has the same rules as the L7-filter project and it's basically the same. Let's make some tests and compare the results between IPP2P and L7-filter.

IPP2P versus L7-filter

In order to test the results of L7-filter and IPP2P matches, we will set up accounting rules and see the results. We will use three of the most popular P2P applications: DirectConnect (DC), BitTorrent, and eDonkey.
Let's set up a script like this:

    iptables -I FORWARD -m layer7 --l7proto directconnect
    iptables -I FORWARD -m ipp2p --dc
    iptables -I FORWARD -m layer7 --l7proto bittorrent
    iptables -I FORWARD -m ipp2p --bit
    iptables -I FORWARD -m layer7 --l7proto edonkey
    iptables -I FORWARD -m ipp2p --edk

After a few minutes, we pick up the results:

    router# iptables -L FORWARD -n -v
    Chain FORWARD (policy ACCEPT 25M packets, 18G bytes)
     pkts bytes target
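
An added example (not from the book or from the IPP2P or L7-filter projects): one way to tabulate the accounting comparison described above. It reads counters in `iptables-save -c` format instead of the `iptables -L FORWARD -n -v` listing used in the text, on the assumption that the save format echoes each rule's match options as written; the counter values in SAMPLE are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in `iptables-save -c` format; counters are invented, not measured.
SAMPLE = """\
[1200:96000] -A FORWARD -m ipp2p --edk
[900:80000] -A FORWARD -m layer7 --l7proto edonkey
[400:52000] -A FORWARD -m ipp2p --bit
[650:70000] -A FORWARD -m layer7 --l7proto bittorrent
[0:0] -A FORWARD -m ipp2p --dc
[35:4100] -A FORWARD -m layer7 --l7proto directconnect
[5000:900000] -A FORWARD -j ACCEPT
"""

# Pairs used in the text: IPP2P option -> L7-filter protocol name.
PAIRS = {"--dc": "directconnect", "--bit": "bittorrent", "--edk": "edonkey"}
RULE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")


def read_counters(text, chain="FORWARD"):
    """Return {(matcher, protocol): [packets, bytes]} for the accounting rules."""
    counters = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(3) != chain:
            continue
        args, key = m.group(4).split(), None
        if "ipp2p" in args:
            opt = next((a for a in args if a in PAIRS), None)
            key = ("ipp2p", PAIRS[opt]) if opt else None
        elif "layer7" in args and "--l7proto" in args[:-1]:
            key = ("layer7", args[args.index("--l7proto") + 1])
        if key:  # sum duplicates so a repeated rule is not silently dropped
            total = counters.setdefault(key, [0, 0])
            total[0] += int(m.group(1))
            total[1] += int(m.group(2))
    return counters


def compare(counters):
    """Per protocol: packets seen by each matcher and which one counted more."""
    report = {}
    for proto in PAIRS.values():
        ipp = counters.get(("ipp2p", proto), [0, 0])[0]
        l7 = counters.get(("layer7", proto), [0, 0])[0]
        leader = "tie" if ipp == l7 else ("ipp2p" if ipp > l7 else "layer7")
        report[proto] = {"ipp2p": ipp, "layer7": l7, "leader": leader}
    return report

if __name__ == "__main__":
    print(compare(read_counters(SAMPLE)))
```

A protocol where one matcher shows zero packets while the other does not is the case worth checking by hand before relying on either match for policy.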