Thank you for the suggestion. I’ve loaded the most recent L7 filter definitions per your suggestion. My L7 window now shows l7-protocols-2009-05-28 and the RTP filter in that .tgz file is dated 28May2009.
However, it does no better than the old one for me. Looking at the filter, I see this comment:
# RTP headers are *very* short and compact. They have almost nothing in
# them that can be matched by l7-filter. As RTP connections take place
# between even numbered ports, you should probably check for that before
# applying this pattern. If you want to match them along with their
# associated SIP packets, you might try setting up some iptables rules
# that watch for SIP packets and then also match any other UDP packets
# that are going between the same two IP addresses.
I am new enough at iptables that I haven’t a clue how to set “up some iptables rules that watch for SIP packets and then also match any other UDP packets that are going between the same two IP addresses”.
Well, I think I can and have gotten matches for the SIP packets. I just don’t know how to then match up other UDP packets going between the same two IP addresses. Any ideas?
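
The matching logic that the pattern-file comment describes, modelled in Python as an added example (not part of the original post or of the l7-filter project, and not iptables rules): remember which two IP addresses exchanged SIP, then tag other UDP packets between the same two addresses, checking for even ports. The SIP port 5060, the 300-second window, the label names and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass

SIP_PORT = 5060    # assumption: SIP signalling on the default UDP port
PAIR_TTL = 300.0   # assumption: seconds a SIP sighting keeps an IP pair active

@dataclass(frozen=True)
class Packet:
    ts: float
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class SipPairTracker:
    """Remembers which two hosts exchanged SIP, then tags their other UDP."""
    def __init__(self, ttl=PAIR_TTL):
        self.ttl = ttl
        self.last_sip = {}  # frozenset({ip_a, ip_b}) -> time of last SIP packet

    def classify(self, pkt):
        if pkt.proto != "udp":
            return "other"
        pair = frozenset((pkt.src, pkt.dst))  # direction-independent key
        if SIP_PORT in (pkt.sport, pkt.dport):
            self.last_sip[pair] = pkt.ts
            return "sip"
        seen = self.last_sip.get(pair)
        if seen is None or pkt.ts - seen > self.ttl:
            self.last_sip.pop(pair, None)     # forget stale pairs
            return "other"
        # Even-port check suggested by the pattern-file comment.
        if pkt.sport % 2 == 0 and pkt.dport % 2 == 0:
            return "rtp-candidate"
        return "udp-same-pair"

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet(0.0, "udp", "192.0.2.10", 5060, "198.51.100.5", 5060),      # SIP
    Packet(1.0, "udp", "192.0.2.10", 16384, "198.51.100.5", 20000),    # even ports
    Packet(1.1, "udp", "198.51.100.5", 20000, "192.0.2.10", 16384),    # reverse path
    Packet(1.2, "udp", "192.0.2.10", 16385, "198.51.100.5", 20001),    # odd ports
    Packet(2.0, "udp", "192.0.2.10", 40000, "203.0.113.9", 53),        # other peer
    Packet(400.0, "udp", "192.0.2.10", 16384, "198.51.100.5", 20000),  # past TTL
]

def run(packets, ttl=PAIR_TTL):
    tracker = SipPairTracker(ttl)
    return [tracker.classify(p) for p in packets]
```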