Bazy wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello gentlemen and ladies,
>
> I am trying to filter ssh traffic regardless of the port the connection
> is opened on. I want to do the same for rlogin and telnet. I know it
> would be easier to use a proxy server and only allow users to access the
> web... but it's more complicated... they also need other ports open...
> and they use public IP addresses.
>
> Is there any way that I can do it with iptables without having to patch
> the kernel and iptables with l7-filter.sourceforge.net?
>
> Thank you for your time.

What you are looking for is a way to filter by protocol signature and I do not think that functionality is in netfilter yet. Best bet is to just allow the connections to well-known ports or, if it needs to run over another port, define that explicitly.

-Ross
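As an added illustration of what "filter by protocol signature" means in the reply above (this is not part of the original thread and not iptables functionality), the Python sketch below labels a connection from its first payload bytes and reports ssh, telnet or rlogin seen on a port other than its well-known one. The names `classify` and `off_port` are hypothetical, and the sample flows, ports and banners are constructed.

```python
import re

# SSH identification string (RFC 4253, section 4.2): "SSH-protoversion-softwareversion"
SSH_IDENT = re.compile(rb"SSH-\d+\.\d+-\S+")
# Telnet option negotiation (RFC 854): IAC followed by WILL/WONT/DO/DONT and an option byte
IAC = 0xFF
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}
# Ports a plain port-based rule would key on
WELL_KNOWN = {"ssh": 22, "telnet": 23, "rlogin": 513}


def classify(first_bytes: bytes) -> str:
    """Label a connection from the first payload bytes one side sent."""
    # A server may send other lines before its identification string,
    # so look at the first few lines rather than only offset 0.
    for line in first_bytes.split(b"\n")[:8]:
        if SSH_IDENT.match(line):
            return "ssh"
    if len(first_bytes) >= 3 and first_bytes[0] == IAC and first_bytes[1] in NEGOTIATION:
        return "telnet"
    # rlogin client opener (RFC 1282): NUL, then three NUL-terminated strings,
    # the last being "terminal-type/speed".
    if first_bytes[:1] == b"\x00":
        fields = first_bytes[1:].split(b"\x00")
        if len(fields) >= 4 and fields[0] and fields[1] and b"/" in fields[2]:
            return "rlogin"
    return "unknown"


def off_port(flows):
    """Return (dst_port, protocol) for listed protocols seen on a non-standard port."""
    hits = []
    for dst_port, payload in flows:
        proto = classify(payload)
        if proto in WELL_KNOWN and WELL_KNOWN[proto] != dst_port:
            hits.append((dst_port, proto))
    return hits


# Constructed sample flows: (destination port, first payload bytes)
SAMPLE_FLOWS = [
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (8023, b"\xff\xfd\x18\xff\xfd\x20"),
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (2513, b"\x00alice\x00alice\x00xterm/38400\x00"),
]

if __name__ == "__main__":
    for port, proto in off_port(SAMPLE_FLOWS):
        print(f"port {port}: {proto} on a non-standard port")
```

A port-only rule set would pass the flows on 443, 8023 and 2513 if those ports were open for other reasons; matching on the opening bytes is what distinguishes them.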