maurolarrat
(usa Ubuntu)
Enviado em 19/04/2011 - 07:58h
Caros do Viva o Linux,
Tenho um firewall de filtro de pacotes e NAT funcionando. Estou tentando fazer com que ele opere na camada de aplicação com o l7-filter-userspace, e após a instalação segundo um how-to, ocorreu um erro.
As linhas novas que inseri no arquivo do firewall são:
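# l7-filter test
#
# One rule per protocol mark. The mark numbers must match the numbers given
# to each protocol in /etc/network/l7_filter.conf; the trailing text on each
# line is only a shell comment, nothing is passed to iptables.
#
# Notes for whoever maintains this:
#  - "-I" inserts at the top of the chain, so the final order in the chain is
#    the reverse of the order written here. Each mark is matched exactly once,
#    so DROP/ACCEPT never overlap with each other.
#  - Because these land at the top of the chain, every ACCEPT entry
#    short-circuits the rest of the OUTPUT policy for packets carrying that
#    mark. Keep ACCEPT only for protocols the remaining policy would otherwise
#    block; otherwise the rule can simply be omitted.
#  - OUTPUT only sees packets generated by the firewall host itself; traffic
#    from LAN clients that this box NATs traverses FORWARD instead. If the
#    intent is to filter the clients, the same matches are needed there.
#  - NOTE(review): whether the userspace l7-filter sets the packet mark
#    (-m mark) or only the connection mark (-m connmark) depends on the
#    l7-filter-userspace version in use — confirm against its README.

#######################################
# Insert one mark-based rule at the top of a chain.
# Arguments: $1 - chain, $2 - mark value, $3 - target (DROP/ACCEPT),
#            remaining args - extra matches placed before -m mark (e.g. -i eth1)
# Returns:   iptables' exit status
#######################################
l7_mark_rule() {
  local chain=$1 mark=$2 target=$3
  shift 3
  iptables -I "$chain" "$@" -m mark --mark "$mark" -j "$target"
}

l7_mark_rule OUTPUT 3 DROP     # 100bao - P2P
l7_mark_rule OUTPUT 4 DROP     # AIM - Chat
l7_mark_rule OUTPUT 5 DROP     # AIM - Chat
l7_mark_rule OUTPUT 6 DROP     # Apple - P2P
l7_mark_rule OUTPUT 7 DROP     # ARES - P2P
l7_mark_rule OUTPUT 8 DROP     # GAME
l7_mark_rule OUTPUT 9 DROP     # GAME
l7_mark_rule OUTPUT 10 DROP    # GAME
l7_mark_rule OUTPUT 11 DROP    # GAME
l7_mark_rule OUTPUT 12 ACCEPT  # BGP - Border Gateway Protocol
l7_mark_rule OUTPUT 13 ACCEPT  # BIFF - Mail
l7_mark_rule OUTPUT 14 DROP    # BITTORRENT - Torrent
l7_mark_rule OUTPUT 16 ACCEPT  # NOKIA - SMS
l7_mark_rule OUTPUT 17 ACCEPT  # CISCO - VPN
l7_mark_rule OUTPUT 18 ACCEPT  # CITRIX - REMOTE ACCESS
l7_mark_rule OUTPUT 19 DROP    # GAME
l7_mark_rule OUTPUT 20 ACCEPT  # CVS - Version Control
l7_mark_rule OUTPUT 21 DROP    # GAME
l7_mark_rule OUTPUT 22 DROP    # GAME
l7_mark_rule OUTPUT 23 ACCEPT  # DHCP - Protocol
l7_mark_rule OUTPUT 24 DROP    # DIRECT - P2P
l7_mark_rule OUTPUT 25 ACCEPT  # DNS - Protocol
l7_mark_rule OUTPUT 26 DROP    # GAME
l7_mark_rule OUTPUT 27 DROP    # EDONKEY - P2P
l7_mark_rule OUTPUT 28 DROP    # FASTTRACK - P2P
l7_mark_rule OUTPUT 29 ACCEPT  # FINGER - Protocol
l7_mark_rule OUTPUT 30 ACCEPT  # FREENET - Protocol
l7_mark_rule OUTPUT 31 ACCEPT  # FTP - Protocol
l7_mark_rule OUTPUT 32 ACCEPT  # FTP - Protocol
l7_mark_rule OUTPUT 33 DROP    # Gnucleus - P2P
l7_mark_rule OUTPUT 34 DROP    # Gnutella - P2P
l7_mark_rule OUTPUT 35 DROP    # GoBoogy - P2P
l7_mark_rule OUTPUT 36 ACCEPT  # Gopher - Protocol
l7_mark_rule OUTPUT 37 DROP    # GAME
l7_mark_rule OUTPUT 38 ACCEPT  # h323 - VOIP
l7_mark_rule OUTPUT 39 DROP    # GAME
l7_mark_rule OUTPUT 40 ACCEPT  # hddtemp - Process
l7_mark_rule OUTPUT 41 ACCEPT  # HOTLINE - P2P
l7_mark_rule OUTPUT 42 ACCEPT  # HTTP - RTSP
l7_mark_rule OUTPUT 43 ACCEPT  # HTTP - Protocol
l7_mark_rule OUTPUT 44 ACCEPT  # IDENT - Protocol
l7_mark_rule OUTPUT 45 ACCEPT  # IMAP - Protocol
l7_mark_rule OUTPUT 46 DROP    # iMASH - P2P
l7_mark_rule OUTPUT 47 ACCEPT  # IPP - Protocol
l7_mark_rule OUTPUT 48 DROP    # IRC - Chat
l7_mark_rule OUTPUT 49 DROP    # Jabber - Chat
l7_mark_rule OUTPUT 50 DROP    # KuGoo - P2P
l7_mark_rule INPUT 56 DROP -i eth1  # MSN - Chat

# Start the userspace classifier in the background, but only once. The
# original line re-launched it on every run of this file, so a reload left
# a second instance competing for the same IPv4 queue handler.
# NOTE(review): the reported "error during nfq_bind_pf()" is more commonly
# caused by the legacy ip_queue module (loaded further down in this file)
# holding the IPv4 queue handler that NFQUEUE/libnetfilter_queue needs —
# confirm with lsmod before looking elsewhere.
if pgrep -x l7-filter >/dev/null 2>&1; then
  printf 'l7-filter: already running, not starting a second instance\n' >&2
else
  /usr/bin/l7-filter -f /etc/network/l7_filter.conf &
fi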
tenho estes módulos carregados normalmente:
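# Kernel modules for the packet filter / NAT / mangle tables and the helpers
# the rules above rely on. modprobe errors are not checked here, so a module
# that does not exist under this name fails silently; verify with lsmod.
# NOTE(review): several names below are the pre-2.6.20 spellings
# (ip_conntrack*, ip_nat_ftp, ipt_*). On the 2.6.35 kernel shown in the post
# most resolve through module aliases to the nf_conntrack_* / xt_* modules,
# but confirm each one actually loaded.
modprobe iptable_filter
modprobe iptable_nat
modprobe iptable_mangle
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_netlink
modprobe ip_conntrack_ftp
# ip_queue implements the legacy QUEUE target and registers the IPv4 queue
# handler in the kernel. On this kernel series it is mutually exclusive with
# nfnetlink_queue (the NFQUEUE target), which is what l7-filter-userspace
# binds in nfq_bind_pf(); loading both is a known cause of
# "error during nfq_bind_pf()". Keep it disabled unless a -j QUEUE rule
# elsewhere in this file still depends on it — confirm with lsmod.
#modprobe ip_queue
# NFQUEUE support required by libnetfilter_queue / l7-filter-userspace.
modprobe nfnetlink_queue
modprobe ip_tables
modprobe nf_conntrack_ipv4
modprobe ipt_LOG
modprobe ipt_MARK
modprobe ipt_MASQUERADE
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_REJECT
modprobe ipt_limit
modprobe ipt_mac
modprobe ipt_mark
modprobe ipt_multiport
modprobe ipt_owner
modprobe ipt_state
modprobe ipt_tos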
Gostaria de executar o l7filter de dentro do arquivo do firewall, em segundo plano, mas é gerado o erro: error during nfq_bind_pf().
Alguma dica?
Sistema:
UBUNTU
Linux FIREWALL 2.6.35-28-generic #49-Ubuntu SMP Tue Mar 1 14:40:58 UTC 2011 i686 GNU/Linux