String Match

Oliver Fromme olli at lurza.secnetix.de
Fri Nov 11 09:14:31 PST 2005


Cesar <listas at itm.net.br> wrote:
 > It's not a bad idea since I see a lot of people searching for P2P traffic
 > control/shaper.
 > 
 > I'm operating an ISP with 3000 broadband users ... And yes. I can call them
 > untrusted, but this is not the point.

In that case I'm thankful that I'm not your customer.  My
DSL provider does not restrict or limit traffic arbitrarily.
If he did, I would cancel the contract and go to a different
provider.  (Note that I'm not using any P2P applications
myself.)

 > I tried a Linux-based system (Mikrotik) to limit P2P and it matched almost
 > 100% of P2P traffic ... And as far as I know, ipfw can't do this.

It is not IPFW's job.  This does not belong in the packet
filter in the kernel.  Linux has a lot of crazy things,
such as an in-kernel HTTP server, but that doesn't mean that
FreeBSD has to follow it.

As Max pointed out, you can achieve the same in various
ways (divert, bpf, pfil, netgraph), which are much better
suited for that job.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

Passwords are like underwear.  You don't share them,
you don't hang them on your monitor or under your keyboard,
you don't email them, or put them on a web site,
and you must change them very often.


More information about the freebsd-ipfw mailing list