listas at itm.net.br
Thu Nov 10 06:25:58 PST 2005
Sorry for my bad explanation ...
I want to do with ipfw what the IPP2P (http://www.ipp2p.org) do, it use a
modification in linux kernel/iptables some kind of "string match" to
identify P2P traffic.
Nowadays I use port based rules to limit P2P traffic, which is not a good
solution since most of P2P programs are using random ports.
----- Original Message -----
From: "Oliver Fromme" <olli at lurza.secnetix.de>
To: <freebsd-ipfw at FreeBSD.ORG>
Sent: Thursday, November 10, 2005 10:57 AM
Subject: Re: String Match
> I can't think of any real-world examples where string-
> matching would be useful and work reliably. The above
> examples do not work reliably, because the rules would
> also have rejected your email to this mailing list. ;-)
> If you want to filter on application level (e.g. certain
> HTTP GET commands like the one above), you should do it
> in the application (e.g. apache). That's not the job of
> a packet filter.
> Best regards
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
> Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
> "Unix gives you just enough rope to hang yourself --
> and then a couple of more feet, just to be sure."
> -- Eric Allman
> freebsd-ipfw at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
More information about the freebsd-ipfw