OpenWrt Forum Archive

Topic: Easiest L7 filter?

The content of this topic has been archived on 26 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello all. I am looking for a way to filter traffic. I don't need to limit bandwidth, and all of the L7 filter posts I have read refer to QoS and limiting bandwidth to certain protocols.

I want to set an application layer filter to allow only HTTP traffic on port 80. What is the easiest way to do this? Can iptables do this, or do I need another package?

I believe iptables can do this; not sure how to structure an L7-matching iptables command though.

But it would be something like:

iptables match l7=http accept
iptables match port=80 drop

iptables -A OUTPUT -m layer7 --l7proto http --dport 80 -j ACCEPT
iptables -A OUTPUT --dport 80 -j DROP
iptables -A OUTPUT -m layer7 --l7proto http -j DROP

I think something like this will work nicely. I didn't test it and I am tired, lol ;)

(Last edited by SeDkY on 10 Apr 2006, 09:31)

SeDkY wrote:

iptables -A OUTPUT -m layer7 --l7proto http --dport 80 -j ACCEPT
iptables -A OUTPUT --dport 80 -j DROP
iptables -A OUTPUT -m layer7 --l7proto http -j DROP

I think something like this will work nicely. I didn't test it and I am tired, lol ;)

What about protocol specification?
-p tcp
-p udp
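Editor's note: the rules quoted above were posted untested, and the last reply points at their actual defect: --dport is an option of the tcp/udp match, which iptables only loads when the rule names a protocol, so "iptables -A OUTPUT --dport 80 -j DROP" is rejected with an unknown-option error. The script below is an added example, not code from the thread or from the OpenWrt project, showing the same "only HTTP on port 80" intent written so it loads. It assumes things the thread does not state: the layer7 match (iptables-mod-filter / kmod-ipt-filter) is installed with the "http" pattern; the traffic to filter is what the router forwards for its LAN, hence the FORWARD chain rather than OUTPUT; and the l7-filter pseudo-protocol "unknown" (a connection l7-filter has examined and given up classifying) is available, as described in the l7-filter documentation. The function names (rule_has_proto, l7_http_only_rules, apply_l7_http_only) and the L7_APPLY and IPT variables are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): "allow only HTTP on TCP/80" with the
# iptables layer7 match, written so that iptables accepts every rule.
# Assumptions, none of which the thread states: the layer7 match is
# installed with the "http" pattern; the filtered traffic is forwarded LAN
# traffic (FORWARD chain, not OUTPUT); and l7-filter's pseudo-protocol
# "unknown" (connections it has examined and given up classifying) exists.

IPT="${IPT:-iptables}"          # set IPT="echo iptables" for a dry run

# --dport/--sport belong to the tcp/udp match, which iptables loads only when
# the rule names the protocol. Return 1 for a rule that uses a port option
# without "-p tcp" or "-p udp" (the point raised in the last reply).
rule_has_proto() {
    case " $1 " in
        *" --dport "*|*" --sport "*)
            case " $1 " in
                *" -p tcp "*|*" -p udp "*) return 0 ;;
                *) return 1 ;;
            esac ;;
        *) return 0 ;;
    esac
}

# Print the rule set for one chain, one rule per line, in evaluation order.
# layer7 classifies a connection from its payload, so the TCP handshake
# packets (no payload) match neither "http" nor "unknown"; the third rule
# lets them through so a connection can start at all. Once l7-filter has
# seen enough to decide the connection is not HTTP ("unknown"), every
# further packet hits the DROP and the session stalls. UDP/80 is dropped
# outright, since HTTP is TCP-only.
l7_http_only_rules() {
    chain="${1:-FORWARD}"
    printf '%s\n' \
        "-A $chain -p tcp --dport 80 -m layer7 --l7proto http -j ACCEPT" \
        "-A $chain -p tcp --dport 80 -m layer7 --l7proto unknown -j DROP" \
        "-A $chain -p tcp --dport 80 -j ACCEPT" \
        "-A $chain -p udp --dport 80 -j DROP"
}

# Check each rule, then hand it to iptables (or echo it in a dry run).
# Stops with a non-zero status at the first rule that fails the check or
# that iptables rejects.
apply_l7_http_only() {
    chain="${1:-FORWARD}"
    l7_http_only_rules "$chain" | while IFS= read -r rule; do
        rule_has_proto "$rule" || { echo "refusing rule without -p: $rule" >&2; exit 1; }
        # Word-splitting of $rule is intended: it is the argument list.
        $IPT $rule || exit 1
    done
}

# Run with L7_APPLY=1 (and optionally a chain name) to load the rules;
# without it the script only defines the functions.
if [ "${L7_APPLY:-0}" = 1 ]; then
    apply_l7_http_only "${1:-FORWARD}"
fi
```

Dry-run it first with IPT="echo iptables" L7_APPLY=1 to see the exact commands; the "-m layer7" rules also need connection tracking, since l7-filter keeps its verdict per connection rather than per packet. Note that this filters connections to port 80 only: the original's third rule (drop anything classified as HTTP on other ports) would be a separate "-m layer7 --l7proto http -j DROP" rule without a port match, which is legal without -p because it uses no port option.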

The discussion might have continued from here.