IPP2P versus L7-filter

In order to test the results of L7-filter and IPP2P matches, we will set up accounting rules and see the results. We will use three of the most popular P2P applications: DirectConnect (DC++), BitTorrent, and eDonkey.

Let's set up a script like this:

iptables -I FORWARD -m layer7 --l7proto directconnect
iptables -I FORWARD -m ipp2p --dc
iptables -I FORWARD -m layer7 --l7proto bittorrent
iptables -I FORWARD -m ipp2p --bit
iptables -I FORWARD -m layer7 --l7proto edonkey
iptables -I FORWARD -m ipp2p --edk

After a few minutes, we pick up the results:

router:~/ipp2p-0.8.0# iptables -L FORWARD -n -v Chain FORWARD (policy ACCEPT 25M packets, 18G bytes) pkts bytes target prot opt in out source destination 2797 253K all -- * * 0.0.0.0/0 ...

Get Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter by

IPP2P versus L7-filter

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly