Update layer7 rules

SVN-Revision: 15544
2009-05-01 15:20:34 +00:00
parent 9f10820e7c
commit e50d6f12f7
16 changed files with 20 additions and 7 deletions
--- a/package/iptables/files/l7/aim.pat
+++ b/package/iptables/files/l7/aim.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good slow notsofast
 # Protocol groups: chat proprietary
 # Wiki: http://www.protocolinfo.org/wiki/AIM
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 5190
 #
--- a/package/iptables/files/l7/bittorrent.pat
+++ b/package/iptables/files/l7/bittorrent.pat
@@ -1,12 +1,12 @@
 # Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com
-# Pattern attributes: good slow notsofast undermatch
+# Pattern attributes: good slow594 notsofast undermatch
 # Protocol groups: p2p open_source
 # Wiki: http://www.protocolinfo.org/wiki/Bittorrent
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This pattern has been tested and is believed to work well.
 # It will, however, not work on bittorrent streams that are encrypted, since
-# it's impossible to match encrypted data (unless the encryption is extremely 
-# weak, like rot13 or something...).
+# it's impossible to match (well) encrypted data.

 bittorrent

@@ -16,12 +16,10 @@ bittorrent
 # Next bit matches something Azureus does
 # Ditto on the next bit.  Could also match on "user-agent: azureus", but that's in the next
 # packet and perhaps this will match multiple clients.
-
-# Recently the ^ was removed from before \x13.  I think this was an accident,
-# so I have restored it.
+# bitcomet-specific strings contributed by liangjun.

 # This is not a valid GNU basic regular expression (but that's ok).
-^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)|d1:ad2:id20:|\x08'7P\)[RP]
+^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]

 # This pattern is "fast", but won't catch as much
 #^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)
--- a/package/iptables/files/l7/edonkey.pat
+++ b/package/iptables/files/l7/edonkey.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good veryfast fast overmatch
 # Protocol groups: p2p
 # Wiki: http://www.protocolinfo.org/wiki/EDonkey
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Tested recently (April/May 2006) with eMule 0.47a and eDonkey2000 1.4
 # and a long time ago with something else. 
--- a/package/iptables/files/l7/fasttrack.pat
+++ b/package/iptables/files/l7/fasttrack.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good slow notsofast
 # Protocol groups: p2p
 # Wiki: http://www.protocolinfo.org/wiki/Fasttrack
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Tested with Kazaa Lite Resurrection 0.0.7.6F
 #
--- a/package/iptables/files/l7/ftp.pat
+++ b/package/iptables/files/l7/ftp.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great notsofast fast
 # Protocol groups: document_retrieval ietf_internet_standard
 # Wiki: http://protocolinfo.org/wiki/FTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 21.  Note that the data stream is on a dynamically
 # assigned port, which means that you will need the FTP connection 
--- a/package/iptables/files/l7/gnutella.pat
+++ b/package/iptables/files/l7/gnutella.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good notsofast notsofast
 # Protocol groups: p2p open_source
 # Wiki: http://www.protocolinfo.org/wiki/Gnutella
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This should match both Gnutella and "Gnutella2" ("Mike's protocol")
 # 
--- a/package/iptables/files/l7/http.pat
+++ b/package/iptables/files/l7/http.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great slow notsofast superset
 # Protocol groups: document_retrieval ietf_draft_standard
 # Wiki: http://protocolinfo.org/wiki/HTTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 80
 #
--- a/package/iptables/files/l7/ident.pat
+++ b/package/iptables/files/l7/ident.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good fast fast
 # Protocol groups: networking ietf_proposed_standard
 # Wiki: http://www.protocolinfo.org/wiki/Ident
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 113
 #
--- a/package/iptables/files/l7/irc.pat
+++ b/package/iptables/files/l7/irc.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great veryfast fast
 # Protocol groups: chat ietf_proposed_standard
 # Wiki: http://www.protocolinfo.org/wiki/IRC
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 6666 or 6667
 # Note that chat traffic runs on these ports, but IRC-DCC traffic (which
--- a/package/iptables/files/l7/jabber.pat
+++ b/package/iptables/files/l7/jabber.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good notsofast notsofast
 # Protocol groups: chat ietf_proposed_standard
 # Wiki: http://www.protocolinfo.org/wiki/Jabber
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This pattern has been tested with Gaim and Gabber.  It is only tested 
 # with non-SSL mode Jabber with no proxies.
--- a/package/iptables/files/l7/msnmessenger.pat
+++ b/package/iptables/files/l7/msnmessenger.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good slow notsofast
 # Protocol groups: chat proprietary
 # Wiki: http://www.protocolinfo.org/wiki/MSN_Messenger
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually uses TCP port 1863
 # http://www.hypothetic.org/docs/msn/index.php
--- a/package/iptables/files/l7/ntp.pat
+++ b/package/iptables/files/l7/ntp.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good fast fast overmatch 
 # Protocol groups: time_synchronization ietf_draft_standard
 # Wiki: http://www.protocolinfo.org/wiki/NTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This pattern is tested and is believed to work.

--- a/package/iptables/files/l7/pop3.pat
+++ b/package/iptables/files/l7/pop3.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great veryfast fast
 # Protocol groups: mail ietf_internet_standard
 # Wiki: http://www.protocolinfo.org/wiki/POP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # This pattern has been tested somewhat.

--- a/package/iptables/files/l7/smtp.pat
+++ b/package/iptables/files/l7/smtp.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great notsofast fast
 # Protocol groups: mail ietf_internet_standard
 # Wiki: http://www.protocolinfo.org/wiki/SMTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # usually runs on port 25
 # 
--- a/package/iptables/files/l7/ssl.pat
+++ b/package/iptables/files/l7/ssl.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: good notsofast fast superset
 # Protocol groups: secure ietf_proposed_standard
 # Wiki: http://www.protocolinfo.org/wiki/SSL
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # Usually runs on port 443
 #
--- a/package/iptables/files/l7/vnc.pat
+++ b/package/iptables/files/l7/vnc.pat
@@ -2,6 +2,7 @@
 # Pattern attributes: great veryfast fast
 # Protocol groups: remote_access
 # Wiki: http://www.protocolinfo.org/wiki/VNC
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
 #
 # http://www.realvnc.com/documentation.html
 #