can pf block a string ? or better, to limit it ?

Michael Proto mike at jellydonut.org
Wed Jun 23 21:10:32 UTC 2010


On Wed, Jun 23, 2010 at 4:15 PM, Peter Maxwell <peter at allicient.co.uk> wrote:
> Hmmm, off the top of my head: I wonder if you could use Snort and have that
> do full packet inspection for you.  Then you should be able to script an
> alert if the string is found and call pfctl to add the offending IP address
> to a table that blackholes it.  Just a thought.
>
> Or if you want to do it "properly", I'm sure you could code something along
> the lines of a kernel module.
>

What about proxying the connection with nstreams?

http://www.freshports.org/net-mgmt/nstreams


-Proto
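
Added example, not part of the original thread: one way to script the Snort-to-pfctl idea quoted above, reading Snort `alert_fast` lines and adding each offending source address to a pf table. The SID 1000001, the table name `blackhole`, the allowlisted address and the sample alert lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Snort alert_fast lines on stdin -> pf table entries for one rule.
# Assumed pf.conf (hypothetical table name):
#   table <blackhole> persist
#   block in quick from <blackhole>
SID="${SID:-1000001}"          # assumed local SID of the string-matching rule
TABLE="${TABLE:-blackhole}"    # assumed pf table name
ALLOW="${ALLOW:-192.0.2.10}"   # space-separated addresses never to block

# Print each unique IPv4 source address seen in alerts carrying $SID.
offenders() {
    awk -v sid="$SID" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        index($0, "[1:" sid ":") == 0 { next }   # alert from another rule
        {
            src = ""
            for (i = 1; i < NF; i++) if ($(i + 1) == "->") { src = $i; break }
            sub(/:[0-9]+$/, "", src)               # strip the source port
            if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if ((src in skip) || (src in seen)) next
            seen[src] = 1
            print src
        }'
}

# Print the pfctl calls (DRY_RUN=1, the default) or run them (DRY_RUN=0).
block() {
    offenders | while read -r ip; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "pfctl -t $TABLE -T add $ip"
        else
            pfctl -t "$TABLE" -T add "$ip"
        fi
    done
}

# Constructed sample alerts, not real traffic.
sample_alerts() {
cat <<'EOF'
06/23-21:10:32.101010  [**] [1:1000001:1] LOCAL banned string [**] [Priority: 1] {TCP} 203.0.113.5:51234 -> 192.0.2.10:80
06/23-21:10:33.202020  [**] [1:1000001:1] LOCAL banned string [**] [Priority: 1] {TCP} 203.0.113.5:51240 -> 192.0.2.10:80
06/23-21:10:34.303030  [**] [1:2000002:3] OTHER rule [**] [Priority: 2] {TCP} 198.51.100.7:40000 -> 192.0.2.10:22
06/23-21:10:35.404040  [**] [1:1000001:1] LOCAL banned string [**] [Priority: 1] {TCP} 192.0.2.10:80 -> 203.0.113.9:4444
EOF
}

sample_alerts | block   # prints: pfctl -t blackhole -T add 203.0.113.5
```

Restricting the Snort rule to established TCP flows (`flow:established`) keeps a forged source address from getting an unrelated host added to the table.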

