can pf block a string ? or better, to limit it ?
mike at jellydonut.org
Wed Jun 23 21:10:32 UTC 2010
On Wed, Jun 23, 2010 at 4:15 PM, Peter Maxwell <peter at allicient.co.uk> wrote:
> Hmmm, off the top of my head: I wonder if you could use Snort and have that
> do full packet inspection for you. Then you should be able to script an
> alert if the string is found and call pfctl to add the offending IP address
> to a table that blackholes it. Just a thought.
> Or if you want to do it "properly", I'm sure you could code something along
> the lines of a kernel module.
What about proxying the connection with nstreams?
More information about the freebsd-pf