summaryrefslogtreecommitdiff
path: root/package/iptables/files
diff options
context:
space:
mode:
authorWaldemar Brodkorb <wbx@openadk.org>2010-04-04 10:34:02 +0200
committerWaldemar Brodkorb <wbx@openadk.org>2010-04-04 10:34:02 +0200
commit5042ac8e5927d0089d3902b1c37e5bcc1565d053 (patch)
treecd2be3085808c5ac59dd70f9c610c6a40bfe3ffd /package/iptables/files
parent401dabf66529cfb5ab47b4c78d5e25fd493eef1f (diff)
parent4d569ed1a3305c7b7abe8fa4273cea3b559cc85a (diff)
Merge branch 'master' of git+ssh://openadk.org/git/openadk
Conflicts: BUGS package/autoconf/Makefile
Diffstat (limited to 'package/iptables/files')
-rw-r--r--package/iptables/files/firewall.conf117
-rwxr-xr-xpackage/iptables/files/firewall.init35
-rw-r--r--package/iptables/files/iptables.postinst5
-rw-r--r--package/iptables/files/l7/aim.pat27
-rw-r--r--package/iptables/files/l7/bittorrent.pat14
-rw-r--r--package/iptables/files/l7/edonkey-dl.pat8
-rw-r--r--package/iptables/files/l7/edonkey.pat29
-rw-r--r--package/iptables/files/l7/fasttrack.pat25
-rw-r--r--package/iptables/files/l7/ftp.pat34
-rw-r--r--package/iptables/files/l7/gnutella.pat36
-rw-r--r--package/iptables/files/l7/http.pat28
-rw-r--r--package/iptables/files/l7/ident.pat14
-rw-r--r--package/iptables/files/l7/irc.pat20
-rw-r--r--package/iptables/files/l7/jabber.pat24
-rw-r--r--package/iptables/files/l7/msnmessenger.pat15
-rw-r--r--package/iptables/files/l7/ntp.pat17
-rw-r--r--package/iptables/files/l7/pop3.pat50
-rw-r--r--package/iptables/files/l7/smtp.pat39
-rw-r--r--package/iptables/files/l7/ssl.pat15
-rw-r--r--package/iptables/files/l7/vnc.pat23
20 files changed, 153 insertions, 422 deletions
diff --git a/package/iptables/files/firewall.conf b/package/iptables/files/firewall.conf
new file mode 100644
index 000000000..2c8faaa34
--- /dev/null
+++ b/package/iptables/files/firewall.conf
@@ -0,0 +1,117 @@
+#!/bin/sh
+echo "configure /etc/firewall.conf first."
+exit 1
+
+### Interfaces
+WAN=ppp0
+LAN=br0
+WLAN=wlan0
+
+######################################################################
+### Default ruleset
+######################################################################
+
+### Create chains
+iptables -N input_rule
+iptables -N forwarding_rule
+iptables -t nat -N prerouting_rule
+iptables -t nat -N postrouting_rule
+
+### Default policy
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+
+### INPUT
+### (connections with the router as destination)
+
+# base case
+iptables -A INPUT -m state --state INVALID -j DROP
+iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP
+
+# custom rules
+iptables -A INPUT -j input_rule
+
+# allow access from anything but WAN
+iptables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT
+# allow icmp messages
+iptables -A INPUT -p icmp -j ACCEPT
+
+# reject
+iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
+iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
+
+### OUTPUT
+### (connections with the router as source)
+
+# base case
+iptables -A OUTPUT -m state --state INVALID -j DROP
+iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+### FORWARD
+### (connections routed through the router)
+
+# base case
+iptables -A FORWARD -m state --state INVALID -j DROP
+iptables -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# custom rules
+iptables -A FORWARD -j forwarding_rule
+iptables -t nat -A PREROUTING -j prerouting_rule
+iptables -t nat -A POSTROUTING -j postrouting_rule
+
+# allow LAN
+iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
+
+### MASQUERADING
+echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
+
+######################################################################
+### Default ruleset end
+######################################################################
+
+###
+### Connections to the router
+###
+
+# ssh
+#iptables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT
+
+# IPSec
+#iptables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT
+#iptables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT
+
+# OpenVPN
+#iptables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT
+
+# PPTP
+#iptables -A input_rule -i $WAN -p gre -j ACCEPT
+#iptables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
+
+###
+### VPN traffic
+###
+
+# IPSec
+#iptables -A forwarding_rule -o ipsec+ -j ACCEPT
+#iptables -A forwarding_rule -i ipsec+ -j ACCEPT
+
+# OpenVPN
+#iptables -A forwarding_rule -o tun+ -j ACCEPT
+#iptables -A forwarding_rule -i tun+ -j ACCEPT
+
+###
+### Port forwardings to LAN
+###
+
+#iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 3389 -j DNAT --to 192.168.1.10
+#iptables -A forwarding_rule -i $WAN -p tcp --dport 3389 -d 192.168.1.10 -j ACCEPT
+
+# Transparent Bridging Proxy
+#ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
+# --ip-destination-port 80 -j redirect --redirect-target ACCEPT
+#iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
+# -j REDIRECT --to-port 8080
+
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
new file mode 100755
index 000000000..b3ea698d6
--- /dev/null
+++ b/package/iptables/files/firewall.init
@@ -0,0 +1,35 @@
+#!/bin/sh
+#PKG iptables
+#INIT 45
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+ test x"${firewall:-NO}" = x"NO" && exit 0
+ exec sh $0 start
+ ;;
+start)
+ . /etc/firewall.conf
+ ;;
+stop)
+ ### Clear tables
+ iptables -F
+ iptables -X
+ iptables -t nat -F
+ iptables -t nat -X
+ iptables -P INPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -P OUTPUT ACCEPT
+ iptables -t nat -P PREROUTING ACCEPT
+ iptables -t nat -P POSTROUTING ACCEPT
+ ;;
+restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+*)
+ echo "Usage: $0 {start | stop | restart}"
+ ;;
+esac
+exit $?
diff --git a/package/iptables/files/iptables.postinst b/package/iptables/files/iptables.postinst
index fd2865a31..89b0af164 100644
--- a/package/iptables/files/iptables.postinst
+++ b/package/iptables/files/iptables.postinst
@@ -1,7 +1,4 @@
#!/bin/sh
. $IPKG_INSTROOT/etc/functions.sh
-if [ -f $IPKG_INSTROOT/etc/init.d/S45firewall ]; then
- add_rcconf iptables firewall NO
-fi
-
+add_rcconf iptables firewall NO
diff --git a/package/iptables/files/l7/aim.pat b/package/iptables/files/l7/aim.pat
deleted file mode 100644
index 9768dbbdc..000000000
--- a/package/iptables/files/l7/aim.pat
+++ /dev/null
@@ -1,27 +0,0 @@
-# AIM - AOL instant messenger (OSCAR and TOC)
-# Pattern quality: good notsofast
-# Usually runs on port 5190
-#
-# This may also match ICQ traffic.
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-aim
-# See http://gridley.acns.carleton.edu/~straitm/final (and various other places)
-# The first bit matches OSCAR signon and data commands, but not sure what
-# \x03\x0b matches, but it works apparently.
-# The next three bits match various parts of the TOC signon process.
-# The third one is the magic number "*", then 0x01 for "signon", then up to four
-# bytes ("up to" because l7-filter strips out nulls) which contain a sequence
-# number (2 bytes) the data length (2 more) and 3 nulls (which don't count),
-# then 0x01 for the version number (not sure if there ever has been another
-# version)
-# The fourth one is a command string, followed by some stuff, then the
-# beginning of the "roasted" password
-
-# This pattern is too slow!
-
-^(\*[\x01\x02].*\x03\x0b|\*\x01.?.?.?.?\x01)|flapon|toc_signon.*0x
diff --git a/package/iptables/files/l7/bittorrent.pat b/package/iptables/files/l7/bittorrent.pat
deleted file mode 100644
index c1804ee4b..000000000
--- a/package/iptables/files/l7/bittorrent.pat
+++ /dev/null
@@ -1,14 +0,0 @@
-# Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com
-# Pattern quality: great veryfast
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-bittorrent
-
-# Does not attempt to match the HTTP download of the tracker
-# 0x13 is the length of "bittorrent protocol"
-# Second two bits match UDP wierdness, commented out until it's tested
-#^(\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP])
-^\x13bittorrent protocol
diff --git a/package/iptables/files/l7/edonkey-dl.pat b/package/iptables/files/l7/edonkey-dl.pat
deleted file mode 100644
index d344d169d..000000000
--- a/package/iptables/files/l7/edonkey-dl.pat
+++ /dev/null
@@ -1,8 +0,0 @@
-# eDonkey2000 - P2P filesharing (download part) - http://edonkey2000.com
-# Pattern quality: good veryfast overmatch usepacket
-
-edonkey-dl
-
-^[\xe3\xe4\xc5\xe5\xd4](....)?[\x01\x0a\x0e\x0f\x10\x18\x19\x1b\x1c\x47\x4a\x4f\x51\x53\x54\x58\x60\x81\x90\x96\x9a\x9c\xa2]
-
-
diff --git a/package/iptables/files/l7/edonkey.pat b/package/iptables/files/l7/edonkey.pat
deleted file mode 100644
index efbc3f361..000000000
--- a/package/iptables/files/l7/edonkey.pat
+++ /dev/null
@@ -1,29 +0,0 @@
-# eDonkey2000 - P2P filesharing - http://edonkey2000.com
-# Pattern quality: good veryfast overmatch
-#
-# Please post to l7-filter-developers@lists.sf.net as to whether this pattern
-# works for you or not. If you believe it could be improved please post your
-# suggestions to that list as well. You may subscribe to this list at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# Thanks to Matt Skidmore <fox AT woozle.org>
-
-edonkey
-
-# http://gd.tuwien.ac.at/opsys/linux/sf/p/pdonkey/eDonkey-protocol-0.6
-#
-# In addition to \xe3, \xc5 and \xd4, I see a lot of \xe5
-#
-# God this is a mess. What an irritating protocol.
-# This will match about 1% of streams with random data in them!
-
-^[\xe3\xc5\xe5\xd4](....)?([\x01\x02\x05\x14\x15\x16\x18\x19\x1a\x1b\x1c\x20\x21\x32\x33\x34\x35\x36\x38\x40\x41\x42\x43\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x5b\x5c\x60\x81\x82\x90\x91\x93\x96\x97\x98\x99\x9a\x9b\x9c\x9e\xa0\xa1\xa2\xa3\xa4]|\x59................?[ -~]|\x96....$)
-
-# matches everything and too much
-# ^(\xe3|\xc5|\xd4)
-
-# ipp2p essentially uses "\xe3....\x47", which doesn't seem at all right to me.
-
-# bandwidtharbitrator uses
-# e0.*@.*6[a-z].*p$|e0.*@.*[a-z]6[a-z].*p0$|e.*@.*[0-9]6.*p$|emule|edonkey
-# no comments to explain what all the mush is, of course...
diff --git a/package/iptables/files/l7/fasttrack.pat b/package/iptables/files/l7/fasttrack.pat
deleted file mode 100644
index 46295c6bb..000000000
--- a/package/iptables/files/l7/fasttrack.pat
+++ /dev/null
@@ -1,25 +0,0 @@
-# FastTrack - P2P filesharing (Kazaa, Morpheus, iMesh, Grokster, etc)
-# Pattern quality: good notsofast
-#
-# Tested with Kazaa Lite Resurrection 0.0.7.6F
-#
-# This appears to match the download connections well, but not the search
-# connections (I think they are encrypted :-( ).
-#
-# Please post to l7-filter-developers@lists.sf.net as to whether it works
-# for you or not. If you believe it could be improved please post your
-# suggestions to that list as well. You may subscribe to this list at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-fasttrack
-# while this is a valid http request, this will be caught because
-# the http pattern matches the response (and therefore the next packet)
-# Even so, it's best to put this match earlier in the chain.
-# http://cvs.berlios.de/cgi-bin/viewcvs.cgi/gift-fasttrack/giFT-FastTrack/PROTOCOL?rev=HEAD&content-type=text/vnd.viewcvs-markup
-
-# This pattern is kinda slow, but not too bad.
-^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?
-
-# This isn't much faster:
-#^get (/.download/.*|/.supernode.|/.status.|/.network.*|/.files|/.hash=[0-9a-f]*/.*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?
-
diff --git a/package/iptables/files/l7/ftp.pat b/package/iptables/files/l7/ftp.pat
deleted file mode 100644
index 9593ffd1b..000000000
--- a/package/iptables/files/l7/ftp.pat
+++ /dev/null
@@ -1,34 +0,0 @@
-# FTP - File Transfer Protocol - RFC 959
-# Pattern quality: great fast
-#
-# Usually runs on port 21. Note that the data stream is on a dynamically
-# assigned port, which means that you will need the FTP connection
-# tracking module in your kernel to usefully match FTP data transfers.
-#
-# This pattern is well tested. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# Matches the first two things a server should say. Most servers say
-# something after 220, even though they don't have to, and it usually
-# includes the string "ftp" (l7-filter is case insensitive).
-# This includes proftpd, vsftpd, wuftpd, warftpd, pureftpd, Bulletproof
-# FTP Server, and whatever ftp.microsoft.com uses. Just in case, the next
-# thing the server sends is a 331. All the above servers also send
-# something including "password" after this code.
-ftp
-# actually, let's just do the first for now, it's faster
-^220[\x09-\x0d -~]*ftp
-
-# This is ~10x faster if the stream starts with "220"
-#^220.*ftp
-
-# This will match more, but much slower
-#^220[\x09-\x0d -~]*ftp|331[\x09-\x0d -~]*password
-
-# This pattern is more precise, but takes longer to match. (3 packets vs. 1)
-#^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a331
-
-# same as above, but slightly less precise and only takes 2 packets.
-#^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a
diff --git a/package/iptables/files/l7/gnutella.pat b/package/iptables/files/l7/gnutella.pat
deleted file mode 100644
index ebbd5c621..000000000
--- a/package/iptables/files/l7/gnutella.pat
+++ /dev/null
@@ -1,36 +0,0 @@
-# Gnutella - P2P filesharing
-# Pattern quality: good fast
-#
-# This should match both Gnutella and "Gnutella2" ("Mike's protocol")
-#
-# Various clients use this protocol including Mactella, Shareaza,
-# GTK-gnutella, Gnucleus, Gnotella, LimeWire, BearShare, and iMesh.
-#
-# This is tested with gtk-gnutella and Shareaza.
-#
-# Please report on how this pattern works for you at
-# l7-filter-developers@lists.sf.net . If you can improve on this
-# pattern, please also post to that list. You may subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# http://www.gnutella2.com/tiki-index.php?page=UDP%20Transceiver
-# http://rfc-gnutella.sf.net/
-# http://www.gnutella2.com/tiki-index.php?page=Gnutella2%20Specification
-# http://en.wikipedia.org/wiki/Shareaza
-
-gnutella
-
-# The first part matches UDP messages - All start with "GND", then have
-# a flag byte which is either \x00, \x01 or \x02, then two sequence bytes
-# that can be anything, then a fragment number, which must start at 1.
-# The rest matches TCP first client message or first server message (in case
-# we can't see client messages). Some parts of this are empirical rather than
-# document based. Assumes version is between 0.0 and 2.9. (usually is
-# 0.4 or 0.6). I'm guessing at many of the user-agents.
-# The last bit is emprical and probably only matches Limewire.
-^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|..................lime)
-
-# Needlessly precise, at the expense of time
-#^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /[\x09-\x0d -~]*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /[\x09-\x0d -~]*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella[\x09-\x0d -~]*content-type: application/x-gnutella|..................lime)
-
-
diff --git a/package/iptables/files/l7/http.pat b/package/iptables/files/l7/http.pat
deleted file mode 100644
index 520e7fe21..000000000
--- a/package/iptables/files/l7/http.pat
+++ /dev/null
@@ -1,28 +0,0 @@
-# HTTP - HyperText Transfer Protocol - RFC 2616
-# Pattern quality: great notsofast
-# Usually runs on port 80
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# this intentionally catches the response from the server
-# rather than the request so that other protocols which use
-# http (like kazaa) can be caught based on specific http requests
-# regardless of the ordering of filters...
-# also matches posts
-
-# Sites that serve really long cookies may break this by pushing the
-# server response too far away from the beginning of the connection. To
-# fix this, increase the kernel's data buffer length.
-
-http
-# Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF (rfc 2616)
-# As specified in rfc 2616 a status code is preceeded and followed by a
-# space.
-http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019]
-# A slightly faster version that might be good enough:
-#http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|post [\x09-\x0d -~]* http/[01]\.[019]
-# old pattern(s):
-#(http[\x09-\x0d -~]*(200 ok|302 |304 )[\x09-\x0d -~]*(connection:|content-type:|content-length:))|^(post [\x09-\x0d -~]* http/)
diff --git a/package/iptables/files/l7/ident.pat b/package/iptables/files/l7/ident.pat
deleted file mode 100644
index 672b0753c..000000000
--- a/package/iptables/files/l7/ident.pat
+++ /dev/null
@@ -1,14 +0,0 @@
-# Ident - Identification Protocol - RFC 1413
-# Pattern quality: good veryfast
-# Usually runs on port 113
-#
-# This pattern is believed to work. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-ident
-# "number , numberCRLF" possibly without the CR and/or LF.
-# ^$ is appropriate because the first packet should never have anything
-# else in it.
-^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\x09-\x0d]*,[\x09-\x0d]*[1-9][0-9]?[0-9]?[0-9]?[0-9]?(\x0d\x0a|[\x0d\x0a])?$
diff --git a/package/iptables/files/l7/irc.pat b/package/iptables/files/l7/irc.pat
deleted file mode 100644
index 6643f6c2f..000000000
--- a/package/iptables/files/l7/irc.pat
+++ /dev/null
@@ -1,20 +0,0 @@
-# IRC - Internet Relay Chat - RFC 1459
-# Pattern quality: good veryfast
-#
-# Usually runs on port 6666 or 6667
-# Note that chat traffic runs on these ports, but IRC-DCC traffic (which
-# can use much more bandwidth) uses a dynamically assigned port, so you
-# must have the IRC connection tracking module in your kernel to classify
-# this.
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-irc
-# First thing that happens is that the client sends NICK and USER, in
-# either order. This allows MIRC color codes (\x02-\x0d instead of
-# \x09-\x0d).
-^(nick[\x09-\x0d -~]*user[\x09-\x0d -~]*:|user[\x09-\x0d -~]*:[\x02-\x0d -~]*nick[\x09-\x0d -~]*\x0d\x0a)
-
diff --git a/package/iptables/files/l7/jabber.pat b/package/iptables/files/l7/jabber.pat
deleted file mode 100644
index 7a0c6840e..000000000
--- a/package/iptables/files/l7/jabber.pat
+++ /dev/null
@@ -1,24 +0,0 @@
-# Jabber (XMPP) - an open instant messenger protocol - http://jabber.org
-# Pattern quality: good fast
-#
-# This pattern has been tested with Gaim and Gabber. It is only tested
-# with non-SSL mode Jabber with no proxies. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# Thanks to Jan Hudec for some improvements.
-
-# Jabber seems to take a long time to set up a connection. I'm
-# connecting with Gabber 0.8.8 to 12jabber.org and the first 8 packets
-# is this:
-# <stream:stream to='12jabber.com' xmlns='jabber:client'
-# xmlns:stream='http://etherx.jabber.org/streams'><?xml
-# version='1.0'?><stream:stream
-# xmlns:stream='http://etherx.jabber.org/streams' id='3f73e951'
-# xmlns='jabber:client' from='12jabber.com'>
-#
-# No mention of my username or password yet, you'll note.
-
-jabber
-<stream:stream[\x09-\x0d ][ -~]*[\x09-\x0d ]xmlns=['"]jabber
diff --git a/package/iptables/files/l7/msnmessenger.pat b/package/iptables/files/l7/msnmessenger.pat
deleted file mode 100644
index e07f71f31..000000000
--- a/package/iptables/files/l7/msnmessenger.pat
+++ /dev/null
@@ -1,15 +0,0 @@
-# MSN Messenger - Microsoft Network chat client
-# Pattern quality: good veryfast
-#
-# Usually uses port 1863
-# http://www.hypothetic.org/docs/msn/index.php
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-msnmessenger
-# ver: allow versions up to 99.
-# usr (in case ver didn't work):
-^(ver [0-9]+ msnp[1-9][0-9]? [\x09-\x0d -~]* cvr|usr md5 i [ -~]*)
diff --git a/package/iptables/files/l7/ntp.pat b/package/iptables/files/l7/ntp.pat
deleted file mode 100644
index b7e443e21..000000000
--- a/package/iptables/files/l7/ntp.pat
+++ /dev/null
@@ -1,17 +0,0 @@
-# (S)NTP - (Simple) Network Time Protocol - RFCs 1305 and 2030
-# Pattern quality: good veryfast overmatch
-#
-# This pattern is tested and is believed to work. If this does not work
-# for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . Subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# client|server
-# Requires the server's timestamp to be in the present or future (of 2005).
-# Tested with ntpdate on Linux.
-# Assumes version 2, 3 or 4.
-
-# Note that ntp packets are always 48 bytes, so you should match on that too.
-
-ntp
-^([\x13\x1b\x23\xd3\xdb\xe3]|[\x14\x1c$].......?.?.?.?.?.?.?.?.?[\xc6-\xff])
diff --git a/package/iptables/files/l7/pop3.pat b/package/iptables/files/l7/pop3.pat
deleted file mode 100644
index f6bb63061..000000000
--- a/package/iptables/files/l7/pop3.pat
+++ /dev/null
@@ -1,50 +0,0 @@
-# POP3 - Post Office Protocol version 3 (popular e-mail protocol) - RFC 1939
-# Pattern quality: good veryfast
-#
-# This pattern has been tested somewhat. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# this is a difficult protocol to match because of the relative lack of
-# distinguishing information. Read on.
-pop3
-
-# this the most conservative pattern. It should definitely work.
-#^(\+ok|-err)
-
-# this pattern assumes that the server says _something_ after +ok or -err
-# I think this is probably the way to go.
-^(\+ok |-err )
-
-# more that 90% of servers seem to say "pop" after "+ok", but not all.
-#^(\+ok .*pop)
-
-# Here's another tack. I think this is my second favorite.
-#^(\+ok [\x09-\x0d -~]*(ready|hello|pop|starting)|-err [\x09-\x0d -~]*(invalid|unknown|unimplemented|unrecognized|command))
-
-# this matches the server saying "you have N messages that are M bytes",
-# which the client probably asks for early in the session (not tested)
-#\+ok [0-9]+ [0-9]+
-
-# some sample servers:
-# RFC example: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
-# mail.dreamhost.com: +OK Hello there.
-# pop.carleton.edu: +OK POP3D(*) Server PMDFV6.2.2 at Fri, 12 Sep 2003 19:28:10 -0500 (CDT) (APOP disabled)
-# mail.earthlink.net: +OK NGPopper vEL_4_38 at earthlink.net ready <25509.1063412951@falcon>
-# *.email.umn.edu: +OK Cubic Circle's v1.22 1998/04/11 POP3 ready <7d1e0000da67623f@aquamarine.tc.umn.edu>
-# mail.yale.edu: +OK POP3 pantheon-po01 v2002.81 server ready
-# mail.gustavus.edu: +OK POP3 solen v2001.78 server ready
-# mail.reed.edu: +OK POP3 letra.reed.edu v2002.81 server ready
-# mail.bowdoin.edu: +OK mail.bowdoin.edu POP3 service (iPlanet Messaging Server 5.2 HotFix 1.15 (built Apr 28 2003))
-# pop.colby.edu: +OK Qpopper (version 4.0.5) at basalt starting.
-# mail.mac.com: +OK Netscape Messaging Multiplexor ready
-
-# various error strings:
-#-ERR Invalid command.
-#-ERR invalid command
-#-ERR unimplemented
-#-ERR Invalid command, try one of: USER name, PASS string, QUIT
-#-ERR Unknown AUTHORIZATION state command
-#-ERR Unrecognized command
-#-ERR Unknown command: "sadf'".
diff --git a/package/iptables/files/l7/smtp.pat b/package/iptables/files/l7/smtp.pat
deleted file mode 100644
index 1bab7a1df..000000000
--- a/package/iptables/files/l7/smtp.pat
+++ /dev/null
@@ -1,39 +0,0 @@
-# SMTP - Simple Mail Transfer Protocol - RFC 2821 (See also RFC 1869)
-# Pattern quality: great fast
-# usually runs on port 25
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-smtp
-# As usual, no text is required after "220", but all known servers have some
-# there. It (almost?) always has string "smtp" in it. The RFC examples
-# does not, so we match those too, just in case anyone has copied them
-# literally.
-^220[\x09-\x0d -~]* (e?smtp|simple mail)
-
-# This is ~3x faster if the stream starts with "220"
-#^220.* (e?smtp|simple mail)
-
-# Some examples:
-# 220 mail.stalker.com ESMTP CommuniGate Pro 4.1.3
-# 220 mail.vieodata.com ESMTP Merak 6.1.0; Mon, 15 Sep 2003 13:48:11 -0400
-# 220 mail.ut.caldera.com ESMTP
-# 220 persephone.pmail.gen.nz ESMTP server ready.
-# 220 smtp1.superb.net ESMTP
-# 220 mail.kerio.com Kerio MailServer 5.6.7 ESMTP ready
-# 220-mail.deerfield.com ESMTP VisNetic.MailServer.v6.0.9.0; Mon, 15 Sep 2003 13:4
-# 220 altn.com ESMTP MDaemon 6.8.5; Mon, 15 Sep 2003 12:46:42 -0500
-# 220 X1 NT-ESMTP Server ipsmin0165atl2.interland.net (IMail 6.06 73062-3)
-# 220 mail.icewarp.com ESMTP Merak 6.1.1; Mon, 15 Sep 2003 19:43:23 +0200
-# 220-mail.email-scan.com ESMTP
-# 220 smaug.dreamhost.com ESMTP
-# 220 kona.carleton.edu -- Server ESMTP (PMDF V6.2#30648)
-# 220 letra.reed.edu ESMTP Sendmail 8.12.9/8.12.9; Mon, 15 Sep 2003 10:35:57 -0700 (PDT)
-# 220-swan.mail.pas.earthlink.net ESMTP Exim 3.33 #1 Mon, 15 Sep 2003 10:32:15 -0700
-#
-# RFC examples:
-# 220 xyz.com Simple Mail Transfer Service Ready (RFC example)
-# 220 dbc.mtview.ca.us SMTP service ready
diff --git a/package/iptables/files/l7/ssl.pat b/package/iptables/files/l7/ssl.pat
deleted file mode 100644
index ab5f62caa..000000000
--- a/package/iptables/files/l7/ssl.pat
+++ /dev/null
@@ -1,15 +0,0 @@
-# SSL and TLS - Secure Socket Layer / Transport Layer Security - RFC 2246
-# Pattern quality: good fast
-# Usually runs on port 443
-#
-# This is a superset validcertssl. For it to match, it must be first.
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-ssl
-# Client Hello | Server Hello with certificate
-# This allows SSL 3.X, which includes TLS 1.0, known internally as SSL 3.1
-^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b)
diff --git a/package/iptables/files/l7/vnc.pat b/package/iptables/files/l7/vnc.pat
deleted file mode 100644
index 35bfbd4ba..000000000
--- a/package/iptables/files/l7/vnc.pat
+++ /dev/null
@@ -1,23 +0,0 @@
-# VNC - Virtual Network Computing. Also known as RFB - Remote Frame Buffer
-# Pattern quality: good fast
-# http://www.realvnc.com/documentation.html
-#
-# This pattern has been verified with vnc v3.3.7 on WinXP and Linux
-# Please report on how this pattern works for you at
-# l7-filter-developers@lists.sf.net . If you can improve on this pattern,
-# please also post to that list. You may subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# Thanks to Trevor Paskett <tpaskett AT cymphonix.com> for this pattern.
-
-vnc
-# Assumes single digit major and minor version numbers
-# This message should be all alone in the first packet, so ^$ is appropriate
-^rfb 00[1-9]\.00[0-9]\x0a$
-
-# This is a more restrictive version which assumes the version numbers
-# are ones actually in existance at the time of this writing, i.e. 3.3,
-# 3.7 and 3.8 (with some clients wrongly reporting 3.5). It should be
-# slightly faster, but probably not worth the extra maintenance.
-# ^rfb 003\.00[3578]\x0a$
-