There is a pretty nifty iptables module that allows for layer 7 (protocol level) matching using iptables. The website is <http://l7-filter.sourceforge.net/>. I haven't used it yet, so I don't know how stable it is. It only needs a kernel patch and an iptables patch to function, though.
Related to bug #48903 and bug #50462. Since its inclusion has already been rejected (gentoo-sources were getting too complicated), this really needs a kernel module ebuild. Please look at the references and try to make one. Any questions/drafts, please ask. http://www.gentoo.org/doc/en/2.6-koutput-user.xml http://dev.gentoo.org/~latexer/2.6-koutput.html
It also needs an iptables patch. If I were to write an ebuild to compile it as a separate kernel module, how would I handle patching iptables?
Never mind. Iptables is apparently already patched, according to bug #39761.
I'll try to make an ebuild for l7, but I don't think it will work, because it seems like it will not work while it's a module :)
Created attachment 36950: l7-filter-0.9.1.ebuild (broken that I started on). Broken version I started on.
http://www.gentoo.org/doc/en/2.6-koutput.html Peter (aka latexer) mentioned the way 2.6 kernels changed - something to do with using M=. Anyway good luck. And don't go all out for a perfect solution.
Created attachment 37556: l7-filter-0.9.1.ebuild [ Still Broken ]
Created attachment 37558: l7-filter-0.9.1.ebuild. Now it's working :)))
Added a few warnings. BTW, an error with the prev version: ${D} shouldn't be used with do.. commands - it's implicit. Thanks,
Is this really necessary? It uses the obsolete kmod system, which we want to remove. Can we not just tell the user to patch the kernel and the command to do so?