Filtering based on keywords

1 post / 0 new
dammn
dammn's picture
Filtering based on keywords

All, 

I believe that this has been a problem for a little while but I dare to ask the same question which has been asked already several times: Has any of you gotten keyword filtering working ? Access Restrictions -> WAN access -> define new Policy -> set Active -> set Filter -> set Days Everyday -> set Hours 24 -> define keywords -> set Catch All P2P Protocols -> Apply/Save. 

In my case this created new rules in advgrp_2 like this: 

[email protected]:~# iptables -L advgrp_1 -vnxv

Chain advgrp_1 (16 references)

    pkts      bytes target     prot opt in     out     source               destination         

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --edk 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --dc 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --gnu 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --kazaa 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --bit 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --apple 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --soul 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --winmx 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --ares 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --mute 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --waste 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ipp2p  --xdcc 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            protocol bittorrent

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            protocol apple

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            protocol directconnect

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            protocol fasttrack

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            protocol filetopia

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            protocol gnutella

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            protocol imesh

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            protocol openft

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            protocol pando

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            protocol soulseek

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            protocol winmx

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ares 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto audiogalaxy 

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bearshare 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto edonkey 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto freenet 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto gnucleuslan 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto goboogy 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto hotline 

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto mute 

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto napster 

       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto soribada 

       0        0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto tesla 

[email protected]:~#
 
When I look into lan2wan chain: 
 
[email protected]:~# iptables -L lan2wan -vnxv

Chain lan2wan (1 references)

    pkts      bytes target     prot opt in     out     source               destination         

 2307034 2677214744 grp_2      0    --  *      *       0.0.0.0/0            0.0.0.0/0           

[email protected]:~#
 
Then into grp_2: 
 
[email protected]:~# iptables -L grp_2 -vnxv

Chain grp_2 (0 references)

    pkts      bytes target     prot opt in     out     source               destination         

[email protected]:~#
 

Where I'd expect something like: 

[email protected]:~# iptables -L grp_2 -vnxv

Chain grp_2 (1 references)

    pkts      bytes target     prot opt in     out     source               destination         

  314615 375348437 advgrp_2   0    --  *      *       0.0.0.0/0            0.0.0.0/0           

[email protected]:~#

So it looks to me like advanced filtering is not being propagated. Secondly, I'm not able to find any libs for iptables - is this normal ? Are all binaries in dd-wrt statically compiled ? Module ipp2p is obviously missing for iptables which could be the reason why this is not being loaded. 

My R7000 rides on Kong's build: 

[email protected]:~# uname -a ; cat /etc/release
Linux r7000 4.4.70 #338 SMP Sun Jun 11 00:36:49 CEST 2017 armv7l DD-WRT

32170:32312M
[email protected]:~#

Thank you for all your hints on this .. 

Dan