# Tworzenie tablic LAYER7
iptables -t filter -N p2p_l7
for j in $P2P_L7
do
iptables -t filter -A FORWARD -m layer7 --l7dir /etc/l7-protocols/uzyte/p2p --l7proto $j -j p2p_l7
done

iptables -t filter -N p2p_l7_ilpol
for j in $P2P_L7
do
iptables -t filter -I FORWARD -m layer7 --l7dir /etc/l7-protocols/uzyte/p2p --l7proto $j -j p2p_l7_ilpol
done

iptables -t mangle -N p2p_l7_ruch
for j in $P2P_L7
do
iptables -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols/uzyte/p2p --l7proto $j -j p2p_l7_ruch
done

iptables -t mangle -N http_l7_ruch
for j in $HTTP_L7
do
iptables -t mangle -A POSTROUTING -m layer7 --l7dir /etc/l7-protocols/uzyte/pozostale --l7proto $j -j http_l7_ruch
done

# Blokowanie polaczen P2P
for i in $P2P_DENY
do
iptables -t filter -A p2p_l7 -s $i -j DROP
iptables -t filter -A p2p_l7 -d $i -j DROP
done

# Bblokada prob dzialalnosci P2P na portach...
if [ ! "$P2P_NO_PORT" == "" ]; then
iptables -t filter -A p2p_l7 -p tcp -m multiport --sport $P2P_NO_PORT -j DROP
iptables -t filter -A p2p_l7 -p udp -m multiport --sport $P2P_NO_PORT -j DROP
iptables -t filter -A p2p_l7 -p tcp -m multiport --dport $P2P_NO_PORT -j DROP
iptables -t filter -A p2p_l7 -p udp -m multiport --dport $P2P_NO_PORT -j DROP
fi

# Ruch P2P
MARK=501
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

for i in $P2P_USER_LIMIT
do
if [ ! `echo $i | grep :` == "" ]; then
ADDRESS=`echo $i | cut -d':' -f1`
else
ADDRESS=$i
fi
iptables -t mangle -A PREROUTING -s $ADDRESS -m ipp2p --ipp2p -j MARK --set-mark 0x${MARK}
iptables -t mangle -A p2p_l7_ruch -s $ADDRESS -j MARK --set-mark 0x${MARK}
iptables -t mangle -A PREROUTING -m mark --mark 0x${MARK} -j CONNMARK --save-mark
iptables -t mangle -A POSTROUTING -m mark --mark 0x${MARK} -j RETURN
MARK=$[$MARK+2]
done