From e50d6f12f7844b84025282435042e6705b28cfea Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens
Date: Fri, 1 May 2009 15:20:34 +0000
Subject: [PATCH] Update layer7 rules
SVN-Revision: 15544
---
 package/iptables/files/l7/aim.pat | 1 +
 package/iptables/files/l7/bittorrent.pat | 12 +++++-------
 package/iptables/files/l7/edonkey.pat | 1 +
 package/iptables/files/l7/fasttrack.pat | 1 +
 package/iptables/files/l7/ftp.pat | 1 +
 package/iptables/files/l7/gnutella.pat | 1 +
 package/iptables/files/l7/http.pat | 1 +
 package/iptables/files/l7/ident.pat | 1 +
 package/iptables/files/l7/irc.pat | 1 +
 package/iptables/files/l7/jabber.pat | 1 +
 package/iptables/files/l7/msnmessenger.pat | 1 +
 package/iptables/files/l7/ntp.pat | 1 +
 package/iptables/files/l7/pop3.pat | 1 +
 package/iptables/files/l7/smtp.pat | 1 +
 package/iptables/files/l7/ssl.pat | 1 +
 package/iptables/files/l7/vnc.pat | 1 +
 16 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/package/iptables/files/l7/aim.pat b/package/iptables/files/l7/aim.pat
index e26a3c4d0b..5c43930fd3 100644
--- a/package/iptables/files/l7/aim.pat
+++ b/package/iptables/files/l7/aim.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good slow notsofast
 # Protocol groups: chat proprietary
 # Wiki: http://www.protocolinfo.org/wiki/AIM
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 5190
 #
diff --git a/package/iptables/files/l7/bittorrent.pat b/package/iptables/files/l7/bittorrent.pat
index e5aa5bc13d..4a3ba88d58 100644
--- a/package/iptables/files/l7/bittorrent.pat
+++ b/package/iptables/files/l7/bittorrent.pat
@@ -1,12 +1,12 @@ # Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com -# Pattern attributes: good slow notsofast undermatch +# Pattern attributes: good slow594 notsofast undermatch # Protocol groups: p2p open_source # Wiki: http://www.protocolinfo.org/wiki/Bittorrent +# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE # # This pattern has been tested and is believed to work well. # It will, however, not work on bittorrent streams that are encrypted, since -# it's impossible to match encrypted data (unless the encryption is extremely -# weak, like rot13 or something...). +# it's impossible to match (well) encrypted data. bittorrent @@ -16,12 +16,10 @@ bittorrent # Next bit matches something Azureus does # Ditto on the next bit. Could also match on "user-agent: azureus", but that's in the next # packet and perhaps this will match multiple clients. - -# Recently the ^ was removed from before \x13. I think this was an accident, -# so I have restored it. +# bitcomet-specific strings contributed by liangjun. # This is not a valid GNU basic regular expression (but that's ok). -^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)|d1:ad2:id20:|\x08'7P\)[RP] +^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP] # This pattern is "fast", but won't catch as much #^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=) diff --git a/package/iptables/files/l7/edonkey.pat b/package/iptables/files/l7/edonkey.pat index 50a072cb28..75807f8ebb 100644 --- a/package/iptables/files/l7/edonkey.pat +++ b/package/iptables/files/l7/edonkey.pat 
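Review bot: The new attributes line in the first bittorrent.pat hunk reads `good slow594 notsofast undermatch`, and `slow594` looks like stray digits fused onto the speed tag; every other pattern file touched by this patch uses plain tags such as `slow`, `fast` or `veryfast`. If anything reads these tags, the line should be `# Pattern attributes: good slow notsofast undermatch`.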
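Review bot: The pattern line in the second bittorrent.pat hunk has no `|` between `get /scrape\?info_hash=` and `get /announce\?info_hash=`, so that branch only matches the two literals back to back and neither a scrape nor an announce request on its own is classified. If the intent was to add announce alongside scrape, the start of the group should read `get /scrape\?info_hash=|get /announce\?info_hash=|`. The last branch is spelled `GET /data\?fid=` while every other literal is lower case; if the matcher lower-cases payload before comparing (confirm against the l7-filter documentation), an upper-case literal can never match. The file is already tagged `undermatch`, so a further silent loss of matches weakens any shaping or blocking rule that depends on this classifier. On this page the line carries a `-` marker with no visible `+` counterpart, so check the applied file before changing it.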
@@ -2,6 +2,7 @@
 # Pattern attributes: good veryfast fast overmatch
 # Protocol groups: p2p
 # Wiki: http://www.protocolinfo.org/wiki/EDonkey
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Tested recently (April/May 2006) with eMule 0.47a and eDonkey2000 1.4
 # and a long time ago with something else.
diff --git a/package/iptables/files/l7/fasttrack.pat b/package/iptables/files/l7/fasttrack.pat
index c821ae4d47..6ed8ff1d13 100644
--- a/package/iptables/files/l7/fasttrack.pat
+++ b/package/iptables/files/l7/fasttrack.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good slow notsofast
 # Protocol groups: p2p
 # Wiki: http://www.protocolinfo.org/wiki/Fasttrack
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Tested with Kazaa Lite Resurrection 0.0.7.6F
 #
diff --git a/package/iptables/files/l7/ftp.pat b/package/iptables/files/l7/ftp.pat
index a7f9e0eeaa..44d97c467b 100644
--- a/package/iptables/files/l7/ftp.pat
+++ b/package/iptables/files/l7/ftp.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great notsofast fast
 # Protocol groups: document_retrieval ietf_internet_standard
 # Wiki: http://protocolinfo.org/wiki/FTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 21. Note that the data stream is on a dynamically
 # assigned port, which means that you will need the FTP connection
diff --git a/package/iptables/files/l7/gnutella.pat b/package/iptables/files/l7/gnutella.pat
index 57a76de02f..770ed43b36 100644
--- a/package/iptables/files/l7/gnutella.pat
+++ b/package/iptables/files/l7/gnutella.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good notsofast notsofast
 # Protocol groups: p2p open_source
 # Wiki: http://www.protocolinfo.org/wiki/Gnutella
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This should match both Gnutella and "Gnutella2" ("Mike's protocol")
 #
diff --git a/package/iptables/files/l7/http.pat b/package/iptables/files/l7/http.pat
index 550aa0b71b..5122310d2f 100644
--- a/package/iptables/files/l7/http.pat
+++ b/package/iptables/files/l7/http.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great slow notsofast superset
 # Protocol groups: document_retrieval ietf_draft_standard
 # Wiki: http://protocolinfo.org/wiki/HTTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 80
 #
diff --git a/package/iptables/files/l7/ident.pat b/package/iptables/files/l7/ident.pat
index d6d89c333f..3205e5e696 100644
--- a/package/iptables/files/l7/ident.pat
+++ b/package/iptables/files/l7/ident.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good fast fast
 # Protocol groups: networking ietf_proposed_standard
 # Wiki: http://www.protocolinfo.org/wiki/Ident
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 113
 #
diff --git a/package/iptables/files/l7/irc.pat b/package/iptables/files/l7/irc.pat
index 2767336e8e..e25360cafb 100644
--- a/package/iptables/files/l7/irc.pat
+++ b/package/iptables/files/l7/irc.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great veryfast fast
 # Protocol groups: chat ietf_proposed_standard
 # Wiki: http://www.protocolinfo.org/wiki/IRC
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 6666 or 6667
 # Note that chat traffic runs on these ports, but IRC-DCC traffic (which
diff --git a/package/iptables/files/l7/jabber.pat b/package/iptables/files/l7/jabber.pat
index aa51c76605..7c328905ee 100644
--- a/package/iptables/files/l7/jabber.pat
+++ b/package/iptables/files/l7/jabber.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good notsofast notsofast
 # Protocol groups: chat ietf_proposed_standard
 # Wiki: http://www.protocolinfo.org/wiki/Jabber
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This pattern has been tested with Gaim and Gabber. It is only tested
 # with non-SSL mode Jabber with no proxies.
diff --git a/package/iptables/files/l7/msnmessenger.pat b/package/iptables/files/l7/msnmessenger.pat
index 41f107555a..11dfc10be2 100644
--- a/package/iptables/files/l7/msnmessenger.pat
+++ b/package/iptables/files/l7/msnmessenger.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good slow notsofast
 # Protocol groups: chat proprietary
 # Wiki: http://www.protocolinfo.org/wiki/MSN_Messenger
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually uses TCP port 1863
 # http://www.hypothetic.org/docs/msn/index.php
diff --git a/package/iptables/files/l7/ntp.pat b/package/iptables/files/l7/ntp.pat
index a24fb0560e..760cfdbe59 100644
--- a/package/iptables/files/l7/ntp.pat
+++ b/package/iptables/files/l7/ntp.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good fast fast overmatch
 # Protocol groups: time_synchronization ietf_draft_standard
 # Wiki: http://www.protocolinfo.org/wiki/NTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This pattern is tested and is believed to work.
diff --git a/package/iptables/files/l7/pop3.pat b/package/iptables/files/l7/pop3.pat
index b3d76e20d8..3ae4c147bb 100644
--- a/package/iptables/files/l7/pop3.pat
+++ b/package/iptables/files/l7/pop3.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great veryfast fast
 # Protocol groups: mail ietf_internet_standard
 # Wiki: http://www.protocolinfo.org/wiki/POP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This pattern has been tested somewhat.
diff --git a/package/iptables/files/l7/smtp.pat b/package/iptables/files/l7/smtp.pat
index eb98ae72f8..2f5d1957f9 100644
--- a/package/iptables/files/l7/smtp.pat
+++ b/package/iptables/files/l7/smtp.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great notsofast fast
 # Protocol groups: mail ietf_internet_standard
 # Wiki: http://www.protocolinfo.org/wiki/SMTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # usually runs on port 25
 #
diff --git a/package/iptables/files/l7/ssl.pat b/package/iptables/files/l7/ssl.pat
index a10589a103..ae30ee4400 100644
--- a/package/iptables/files/l7/ssl.pat
+++ b/package/iptables/files/l7/ssl.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good notsofast fast superset
 # Protocol groups: secure ietf_proposed_standard
 # Wiki: http://www.protocolinfo.org/wiki/SSL
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 443
 #
diff --git a/package/iptables/files/l7/vnc.pat b/package/iptables/files/l7/vnc.pat
index 9f77fdf55e..79d0ae8a28 100644
--- a/package/iptables/files/l7/vnc.pat
+++ b/package/iptables/files/l7/vnc.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great veryfast fast
 # Protocol groups: remote_access
 # Wiki: http://www.protocolinfo.org/wiki/VNC
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # http://www.realvnc.com/documentation.html
 #