Layer7 broken?

Discussion in 'Asuswrt-Merlin' started by ingenium, Jan 22, 2013.

  1. ingenium

    ingenium Occasional Visitor

    Joined:
    Jan 22, 2013
    Messages:
    10
    Whenever I try to add an iptables rule with layer7, such as:

    Code:
    iptables -t mangle -A QOSO -p tcp -m layer7 --l7proto bittorrent -j CONNMARK --set-return 0x5/0xff
    it returns:

    Code:
    iptables: No chain/target/match by that name
    I can't see a layer7 module loaded, so maybe it's compiled into the kernel? If I try to change l7proto to something else, say "test", it returns:

    Code:
    iptables v1.3.8: Couldn't find a pattern definition file for test.
    So it's clearly finding the pattern rules in /etc/l7-protocols/. There must be some other problem going on.

    EDIT: I may as well ask another related question in the same thread. If I want to add custom QoS rules, should I have it in the firewall-start script or the nat-start script? Or does it not matter? Basically I don't want the rules being re-added if the mangle table hasn't been flushed... does adding a port forward via the webui just flush the nat table or does it re-load the whole firewall?
     
    Last edited: Jan 22, 2013
  2. ingenium

    ingenium Occasional Visitor

    Joined:
    Jan 22, 2013
    Messages:
    10
    I found the directory where all the kernel modules are, and there was a layer7 module in there. Running "modprobe xt_layer7" fixed the issue.
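
The two errors in this thread come from different places: "Couldn't find a pattern definition file" is the userspace pattern lookup failing, while "No chain/target/match by that name" is the kernel rejecting the rule, here because the layer7 match was not registered until `xt_layer7` was loaded. The following is an added example, not code from the posts, that tells the two cases apart and loads the module only when needed. It assumes pattern files are named `<proto>.pat` under `/etc/l7-protocols` and that the kernel lists registered matches in `/proc/net/ip_tables_matches`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# The kernel lists every registered iptables match here, one name per line.
MATCHES_FILE="${MATCHES_FILE:-/proc/net/ip_tables_matches}"

# Return 0 if match $1 is registered, reading file $2 (default: MATCHES_FILE).
match_registered() {
    [ -r "${2:-$MATCHES_FILE}" ] && grep -qx "$1" "${2:-$MATCHES_FILE}"
}

# Say why a layer7 rule would fail, without touching the firewall.
#   $1 = protocol name, $2 = pattern directory, $3 = matches file
# Prints one of: ok | no-pattern | no-kernel-match
l7_diagnose() {
    proto=$1
    dir=${2:-/etc/l7-protocols}
    mfile=${3:-$MATCHES_FILE}
    # Userspace side: iptables needs <proto>.pat somewhere under the directory.
    if [ -z "$(find "$dir" -name "$proto.pat" 2>/dev/null)" ]; then
        echo no-pattern
        return 0
    fi
    # Kernel side: without the layer7 match, iptables reports
    # "No chain/target/match by that name".
    if ! match_registered layer7 "$mfile"; then
        echo no-kernel-match
        return 0
    fi
    echo ok
}

# Run with "apply" on the router to fix up and add the rule from the thread.
if [ "${1:-}" = "apply" ]; then
    case $(l7_diagnose bittorrent) in
        no-pattern)
            echo "bittorrent.pat not found" >&2
            exit 1 ;;
        no-kernel-match)
            modprobe xt_layer7 || exit 1 ;;
    esac
    iptables -t mangle -A QOSO -p tcp -m layer7 --l7proto bittorrent \
        -j CONNMARK --set-return 0x5/0xff
fi
```

The same error also appears when the target chain does not exist, so the module check alone is not proof that the rule will load.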
     
  3. yelo3

    yelo3 Regular Contributor

    Joined:
    Feb 20, 2014
    Messages:
    88
    Any suggestion on how to block p2p instead of marking it for QOS?
     
