I installed and configured l7-filter:
sudo apt-get install l7-filter-userspace l7-protocols
sudo cp /usr/share/doc/l7-filter-userspace/examples/sample-l7-filter.conf /etc/l7-filter.conf
sudo l7-filter -f /etc/l7-filter.conf -q 2 -v
sudo iptables -t mangle -A PREROUTING -j NFQUEUE --queue-num 2
sudo iptables -t mangle -A OUTPUT -j NFQUEUE --queue-num 2
l7-filter loads all the protocols and does not give any errors:
Got packet, had no ct: udp 17 src=192.168.1.1 dst=8.8.8.8
sport=45659 dport=53
Got packet, had no ct: udp 17 src=192.168.1.1 dst=8.8.8.8
sport=34234 dport=53
Answer 1
Try loading the ip_conntrack_netlink and nf_conntrack_ipv4 modules:
sudo modprobe ip_conntrack_netlink
sudo modprobe nf_conntrack_ipv4