All,
I believe that this has been a problem for a little while, but I dare to ask the same question which has been asked already several times: Has any of you gotten keyword filtering working? Access Restrictions -> WAN access -> define new Policy -> set Active -> set Filter -> set Days Everyday -> set Hours 24 -> define keywords -> set Catch All P2P Protocols -> Apply/Save.
In my case this created new rules in advgrp_2 like this:
root@r7000:~# iptables -L advgrp_1 -vnxv
Chain advgrp_1 (16 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --edk
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --dc
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --gnu
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --kazaa
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --bit
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --apple
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --soul
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --winmx
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --ares
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --mute
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --waste
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --xdcc
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol bittorrent
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol apple
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol directconnect
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol fasttrack
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol filetopia
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol gnutella
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 protocol imesh
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol openft
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol pando
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol soulseek
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 protocol winmx
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ares
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto audiogalaxy
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bearshare
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto freenet
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnucleuslan
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto goboogy
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto hotline
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto mute
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto napster
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto soribada
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto tesla
root@r7000:~#

root@r7000:~# iptables -L lan2wan -vnxv
Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination
2307034 2677214744 grp_2 0 -- * * 0.0.0.0/0 0.0.0.0/0
root@r7000:~#

root@r7000:~# iptables -L grp_2 -vnxv
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
root@r7000:~#
Where I'd expect something like:
root@r7000:~# iptables -L grp_2 -vnxv
Chain grp_2 (1 references)
pkts bytes target prot opt in out source destination
314615 375348437 advgrp_2 0 -- * * 0.0.0.0/0 0.0.0.0/0
root@r7000:~#

So it looks to me like advanced filtering is not being propagated. Secondly, I'm not able to find any libs for iptables - is this normal? Are all binaries in dd-wrt statically compiled? Module ipp2p is obviously missing for iptables, which could be the reason why this is not being loaded.
My R7000 rides on Kong's build:
root@r7000:~# uname -a ; cat /etc/release
Linux r7000 4.4.70 #338 SMP Sun Jun 11 00:36:49 CEST 2017 armv7l DD-WRT 32170:32312M
root@r7000:~#

Thank you for all your hints on this.
Dan
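
A diagnostic sketch for the symptom described in the post above, added here as an example (it is not part of Dan's post and not DD-WRT code): it reads an `iptables -L -vnx` listing and flags user chains that nothing references, that hold no rules, or that are jumped to while empty. The names `audit_chains` and `sample_listing` are hypothetical, and the sample listing is constructed from the chain names shown in the post; it assumes the verbose layout in which column 3 is the rule target.

```shell
#!/bin/sh
# Added example. audit_chains and sample_listing are hypothetical names.
# Reads `iptables -L -vnx` text on stdin (column 3 = rule target) and flags
# user chains that are unreferenced, empty, or jumped to while empty.
audit_chains() {
    awk '
    /^Chain / {
        chain = $2; order[++n] = chain; rules[chain] = 0
        # User chains print "(N references)"; built-ins print "(policy ...)".
        refs[chain] = ($4 ~ /^references/) ? substr($3, 2) + 0 : -1
        next
    }
    $1 == "pkts" || NF == 0 || chain == "" { next }
    { rules[chain]++; jumps[chain] = jumps[chain] " " $3 }
    END {
        for (i = 1; i <= n; i++) {
            c = order[i]
            if (refs[c] == 0) print c ": unreferenced, never evaluated"
            if (refs[c] >= 0 && rules[c] == 0) print c ": empty chain"
            m = split(jumps[c], t, " ")
            for (j = 1; j <= m; j++)
                if ((t[j] in rules) && rules[t[j]] == 0)
                    print c ": jumps to empty chain " t[j]
        }
    }'
}

# Constructed sample listing, modelled on the chain names in the post.
sample_listing() {
    cat <<'EOF'
Chain advgrp_1 (16 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           ipp2p --edk
       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ares

Chain lan2wan (1 references)
    pkts      bytes target     prot opt in     out     source               destination
 2307034 2677214744 grp_2      0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain grp_2 (0 references)
    pkts      bytes target     prot opt in     out     source               destination
EOF
}

# On the router: iptables -L -vnx | audit_chains
sample_listing | audit_chains
```

A chain that is jumped to while empty passes every packet straight back to its caller, so the DROP rules in the filter chain never see the traffic.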