Hello everyone,
I encountered a problem when performing iptables layer-7 filtering: if I write a policy iptables -A OUTPUT -m layer7 --l7proto qq -j DROP on the iptables local host, then QQ on the local host cannot log in.
However, if I use this iptables host at the network boundary, connected to an intranet LAN, and write two policies on the firewall:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
In this way, intranet access to the public network is not a problem, but QQ cannot be blocked, so I wrote the following policy:
iptables -t mangle -A POSTROUTING -m layer7 --l7proto qq -j DROP
However, this does not work; QQ still cannot be blocked, and the firewall prompts:
Layer7: mached qq
Layer7: can not get conntrack
I cannot solve this. Please kindly advise me.