All,
I believe that this has been a problem for a little while but I dare to ask the same question which has been asked already several times: Has any of you gotten keyword filtering working ? Access Restrictions -> WAN access -> define new Policy -> set Active -> set Filter -> set Days Everyday -> set Hours 24 -> define keywords -> set Catch All P2P Protocols -> Apply/Save.
In my case this created new rules in advgrp_2 like this:
root@r7000:~# iptables -L advgrp_1 -vnxv
Chain advgrp_1 (16 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --edk
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --dc
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --gnu
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --kazaa
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --bit
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --apple
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --soul
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --winmx
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --ares
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --mute
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --waste
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --xdcc
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol bittorrent
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol apple
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol directconnect
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol fasttrack
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol filetopia
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol gnutella
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol imesh
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol openft
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol pando
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol soulseek
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol winmx
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ares
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto audiogalaxy
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bearshare
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto freenet
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnucleuslan
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto goboogy
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto hotline
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto mute
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto napster
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto soribada
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto tesla
root@r7000:~#root@r7000:~# iptables -L lan2wan -vnxv
Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination
2307034 2677214744 grp_2 0 -- * * 0.0.0.0/0 0.0.0.0/0
root@r7000:~#root@r7000:~# iptables -L grp_2 -vnxv
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
root@r7000:~#Where I'd expect something like:
root@r7000:~# iptables -L grp_2 -vnxv
Chain grp_2 (1 references)
pkts bytes target prot opt in out source destination
314615 375348437 advgrp_2 0 -- * * 0.0.0.0/0 0.0.0.0/0
root@r7000:~#So it looks to me like advanced filtering is not being propagated. Secondly, I'm not able to find any libs for iptables - is this normal ? Are all binaries in dd-wrt statically compiled ? Module ipp2p is obviously missing for iptables which could be the reason why this is not being loaded.
My R7000 rides on Kong's build:
root@r7000:~# uname -a ; cat /etc/release Linux r7000 4.4.70 #338 SMP Sun Jun 11 00:36:49 CEST 2017 armv7l DD-WRT 32170:32312M root@r7000:~#
Thank you for all your hints on this ..
Dan
Recent comments