Layer7 broken?

Discussion in 'Asuswrt-Merlin' started by ingenium, Jan 22, 2013.

  1. ingenium

    ingenium Occasional Visitor

    Joined:
    Jan 22, 2013
    Messages:
    10
    Whenever I try to add an iptables rule with layer7, such as:

    Code:
    iptables -t mangle -A QOSO -p tcp -m layer7 --l7proto bittorrent -j CONNMARK --set-return 0x5/0xff
    it returns:

    Code:
    iptables: No chain/target/match by that name
    I can't see a layer7 module loaded, so maybe it's compiled into the kernel? If I try to change l7proto to something else, say "test", it returns:

    Code:
    iptables v1.3.8: Couldn't find a pattern definition file for test.
    So it's clearly finding the pattern rules in /etc/l7-protocols/. There must be some other problem going on.

    EDIT: I may as well ask another related question in the same thread. If I want to add custom QoS rules, should I have it in the firewall-start script or the nat-start script? Or does it not matter? Basically I don't want the rules being re-added if the mangle table hasn't been flushed... does adding a port forward via the webui just flush the nat table or does it re-load the whole firewall?
     
    Last edited: Jan 22, 2013
  2. ingenium

    I found the directory where all the kernel modules are, and there was a layer7 module in there. Running "modprobe xt_layer7" fixed the issue.
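
Added example, not part of the thread or the firmware's own code: a shell helper that loads xt_layer7 before adding the layer7 rule, and skips the add when the mangle chain already has it, so calling it from firewall-start or nat-start does not duplicate the rule. The function names, the environment-variable overrides and the iptables-save line format it matches are assumptions; compare the pattern with what `iptables-save -t mangle` prints on your router.

```shell
#!/bin/sh
# Added example: idempotent layer7 QoS rule for the chain used in the thread.
# Commands and paths can be overridden through the environment for dry runs.
IPTABLES="${IPTABLES:-iptables}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
MODPROBE="${MODPROBE:-modprobe}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"

# True if kernel module $1 is listed in /proc/modules.
module_loaded() {
    grep -q "^$1 " "$PROC_MODULES" 2>/dev/null
}

# True if chain $1 already has a layer7 match on protocol $2.
# iptables 1.3.8 has no -C (check) option, so scan iptables-save
# output read from stdin. The matched line format is an assumption.
l7_rule_present() {
    grep -Eq -- "^-A $1 .*-m layer7 .*--l7proto $2( |\$)"
}

# $1 = chain, $2 = l7 protocol, $3 = mark/mask.
# Prints "present" or "added"; returns 1 if the module or rule cannot be set up.
ensure_l7_rule() {
    # Without the match module, iptables answers
    # "No chain/target/match by that name".
    module_loaded xt_layer7 || "$MODPROBE" xt_layer7 || return 1
    if "$IPTABLES_SAVE" -t mangle | l7_rule_present "$1" "$2"; then
        echo "present"
        return 0
    fi
    "$IPTABLES" -t mangle -A "$1" -p tcp -m layer7 --l7proto "$2" \
        -j CONNMARK --set-return "$3" || return 1
    echo "added"
}

# Run as "script apply" to add the rule from the first post.
if [ "${1:-}" = "apply" ]; then
    ensure_l7_rule QOSO bittorrent 0x5/0xff
fi
```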
     
  3. yelo3

    yelo3 Occasional Visitor

    Joined:
    Feb 20, 2014
    Messages:
    27
    Any suggestion on how to block p2p instead of marking it for QOS?
     
