can pf block a string ? or better, to limit it ?

John Lists Tate john-lists at johntate.org
Thu Jun 24 05:13:52 UTC 2010


This or writing a squid redirector is probably the best way to go about it.
You can just redirect everything through a program with pf in any case and
give that program the real work.

John Tate.

-----Original Message-----
From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org] On
Behalf Of Michael Proto
Sent: Thursday, June 24, 2010 7:11 AM
To: Peter Maxwell
Cc: freebsd-pf at freebsd.org
Subject: Re: can pf block a string ? or better, to limit it ?

On Wed, Jun 23, 2010 at 4:15 PM, Peter Maxwell <peter at allicient.co.uk> wrote:
> Hmmm, off the top of my head: I wonder if you could use Snort and have that
> do full packet inspection for you.  Then you should be able to script an
> alert if the string is found and call pfctl to add the offending IP address
> to a table that blackholes it.  Just a thought.
>
> Or if you want to do it "properly", I'm sure you could code something along
> the lines of a kernel module.
>

What about proxying the connection with nstreams?

http://www.freshports.org/net-mgmt/nstreams



-Proto
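The Snort-plus-pfctl approach Peter Maxwell sketches above, as an added example script that is not part of the thread: it parses Snort "fast" alert lines, collects the source addresses that triggered a local rule, and adds them to a pf table. It assumes pf.conf already declares a persistent table and a block rule referencing it; the SID 1000001 and the alert lines are constructed placeholders.

```shell
#!/bin/sh
# Glue between an IDS alert log and a pf table (added example, not from the
# thread). Assumes /etc/pf.conf already contains:
#   table <blackhole> persist
#   block in quick from <blackhole> to any
# SID 1000001 is a placeholder for a local content-match rule.
set -eu

WATCH_SID="${WATCH_SID:-1000001}"   # Snort rule that matches the string
PF_TABLE="${PF_TABLE:-blackhole}"   # pf table the block rule refers to
PFCTL="${PFCTL:-pfctl}"             # set PFCTL=echo for a dry run

# Read Snort "fast" alert lines on stdin; print each source IP that
# triggered $WATCH_SID once, in order of first appearance.
offenders_from_alerts() {
    awk -v sid="$WATCH_SID" '
        $0 ~ ("\\[1:" sid ":[0-9]+\\]") {
            src = ""
            # source is the "a.b.c.d:port" token just before "->"
            for (i = 1; i <= NF; i++) if ($i == "->") src = $(i - 1)
            sub(/:[0-9]+$/, "", src)
            if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[src]++) print src
        }'
}

# Add each IP read on stdin to the pf table; print how many were added.
block_offenders() {
    n=0
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        "$PFCTL" -t "$PF_TABLE" -T add "$ip" >/dev/null
        n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample alerts (RFC 5737 test addresses, not real traffic).
SAMPLE_ALERTS='06/24-05:13:52.000001  [**] [1:1000001:1] LOCAL forbidden string [**] [Priority: 2] {TCP} 203.0.113.7:51234 -> 198.51.100.10:80
06/24-05:13:53.000002  [**] [1:2000000:3] SOME OTHER RULE [**] [Priority: 3] {TCP} 203.0.113.9:40000 -> 198.51.100.10:80
06/24-05:13:54.000003  [**] [1:1000001:1] LOCAL forbidden string [**] [Priority: 2] {TCP} 203.0.113.7:51235 -> 198.51.100.10:80
06/24-05:13:55.000004  [**] [1:1000001:1] LOCAL forbidden string [**] [Priority: 2] {TCP} 192.0.2.44:1024 -> 198.51.100.10:80'

# Live use: tail -F /var/log/snort/alert | offenders_from_alerts | block_offenders
if [ "${1:-}" = "--demo" ]; then
    PFCTL=echo
    printf '%s\n' "$SAMPLE_ALERTS" | offenders_from_alerts | block_offenders
fi
```

With `--demo` the script runs on the constructed alerts with `pfctl` replaced by `echo`, so nothing is changed on the host; only the two addresses that hit the watched SID are selected, and the repeated hit from the same host is added once.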
_______________________________________________
freebsd-pf at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf