[ --ja-- @ 12.01.2009. 18:51 ] @
Imam mrežu koja preko jednog računala ima izlaz na net (mreža->računalo s 2 lan kartice->adsl modem). Situacija je slijedeća: očajno želim stati na kraj s torrentima i ostalom p2p prometu. Pokušao sam slijedeće, i vidi se da ova pravila hvataju neki promet. Ali ako na kraj dodam DROP, sve stane i ništa ne prolazi (osim pinga, no to ne ide preko layer7 filtra)... Code: Chain FORWARD (policy ACCEPT 222K packets, 57M bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto aim 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto aimwebcontent 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto cvs 4259 827K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto dns 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ftp 578K 475M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto http 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto imap 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto irc 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto jabber 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto live365 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto msn-filetransfer 7672 1353K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto msnmessenger 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto nntp 26408 18M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ntp 94 9332 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto pop3 30 1456 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto qq 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto radmin 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rdp 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto replaytv-ivs 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rlogin 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rtsp 56211 42M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto shoutcast 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto sip 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto skypeout 2984 447K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto skypetoskype 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ssh 43 2408 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto stun 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto subversion 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto teamspeak 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto telnet 5665 918K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto tsp 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto vnc 2987 614K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto whois 0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto yahoo 0 0 ACCEPT tcp -- any any 10.0.252.3 anywhere tcp dpt:smtp 0 0 ACCEPT tcp -- any any 10.0.16.10 anywhere tcp dpt:smtp 0 0 ACCEPT tcp -- any any 10.0.16.11 anywhere tcp dpt:smtp 0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable 426 46288 ACCEPT icmp -- any any anywhere anywhere Gdje griješim? Hvala! |