PF & BLOCK MP3 (AVI)

Daniel Hartmeier daniel at benzedrine.cx
Wed Jul 20 18:36:03 GMT 2005


On Wed, Jul 20, 2005 at 09:20:13PM +0400, alex-bsd wrote:

> The presence of this function in IPTABLES is very convenient for them.

I'm not sure, but could it be that you over-estimate 'convenience' in
this case?

Because it appears to be rather simple to add a http proxy to the mix
which solves the problem both conveniently AND reliably. Take squid or
Apache mod_proxy, shouldn't take more than a rainy afternoon to set it up
transparently (using pf to rdr all port 80 traffic through it) for
blocking requests based on filename regex matching.

What's not perfectly convenient about that? This is not a black art that
requires hours upon hours of complex installation and configuration.
Maybe someone can step in and outline the configuration for you.

If you have the choice between a solid solution that requires two hours
of setup and an unreliable hack that takes two minutes, do you really
choose the hack? What you're asking for is that a programmer spends two
WEEKS worth of time giving you this choice on pf/BSD. Doesn't make sense
to me, sorry.

Daniel
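
An outline of the transparent-proxy setup described in the message above, added here as an example and not part of the original post or written by its author. The interface name, proxy port, LAN range and ACL names are assumptions, and Squid is assumed to run on the pf box itself with pf interception support (2.6-era `transparent` keyword; later releases call it `intercept`).

```conf
# ---- /etc/pf.conf (FreeBSD pf, rdr syntax) ----
int_if     = "em1"       # assumed: LAN-facing interface
proxy_port = "3128"      # assumed: port Squid listens on locally

# Translation: send every outbound port-80 connection from the LAN
# to the local proxy instead of the origin server.
rdr on $int_if inet proto tcp from any to any port 80 -> 127.0.0.1 port $proxy_port

# Filtering: the redirected packets now have 127.0.0.1 as destination,
# so they must be passed explicitly.
pass in quick on $int_if inet proto tcp from any to 127.0.0.1 port $proxy_port keep state

# ---- squid.conf ----
# Accept the intercepted connections handed over by the rdr rule.
http_port 127.0.0.1:3128 transparent

# assumed: LAN address range
acl lan src 192.168.0.0/24

# Match on the URL path, case-insensitively. The optional (\?.*)? keeps
# "/song.mp3?x=1" from slipping past a plain "\.mp3$" pattern.
acl blocked_media urlpath_regex -i \.(mp3|avi)(\?.*)?$

# Order matters: the deny must come before the general allow.
http_access deny blocked_media
http_access allow lan
http_access deny all
```

This only sees plain HTTP on port 80; it matches request URLs, not file contents, so a renamed file or an HTTPS download is not affected by the ACL.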

