Protocol filter capabilities
Alexandre DELAY
alexandre.delay at free.fr
Thu Nov 24 10:23:32 PST 2005
Well, If you want an idea, I found this:
http://freebsd.rogness.net/snort_inline/ in the freebsd-ipfw archive.
The thing is that it works with snort which is not as able as ethereal (and
need to be subscribed) to detect application protocols.
Ethereal already includes performant filters which only wait to be used.
If you need help to develop around dummynet, maybe you can try to contact
luigi who developped dummynet (http://info.iet.unipi.it/~luigi). He might be
interrested by this program.
Maybe you can tell us more about your project?
Cheers
Alex
-----Message d'origine-----
De : owner-freebsd-pf at freebsd.org
[mailto:owner-freebsd-pf at freebsd.org]De la part de Thiago Damas
Envoyé : jeudi 24 novembre 2005 14:47
À : freebsd-pf at freebsd.org
Objet : Re: Protocol filter capabilities
I have a program that implements this, via divert socket with ipfw.
I think the better way to do this is with a program that listens
with bfp/pcap, and inserts/deletes rules using ioctls in /dev/pf
For now, I'm trying to alter a queue, given a state, using /dev/pf,
but it doesnt seen easy. Altering the queue I can limit the bandwidth
of a protocol; if I want to block the protocol, I can just delete the
state of the firewall.
Have you some ideas?
2005/11/23, Alexandre DELAY <alexandre.delay at free.fr>:
> hi guys,
>
> I am looking for an efficient way to filter different protocols, such as
> edonkey or BEEP.
> For the moment, I think that pf doesn't support it.
>
> Don't you think that it would be a nice thing to be able to include such
> "filters" from, for example, ethereal?
> Ethereal support more than 34k different protocols. It woul be nice to be
> able to choose from those filters and to apply some rules according to
those
> filters.
>
> Do you know a way to do this?
>
> Cheers
>
> Alex
>
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>
_______________________________________________
freebsd-pf at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
More information about the freebsd-pf
mailing list