firewall rules for bitlord, yahoo, limewire

Norberto Meijome numardbsd at
Wed Nov 26 17:53:40 PST 2008

On Wed, 26 Nov 2008 21:40:27 +0800
Fbsd1 <fbsd1 at> wrote:

> I have an inclusive firewall rule set, which means only packets matching
> the rules are passed through. The inbound high port numbers are
> blocked by design.
> How do other firewall users code rules to allow limewire to work?

I think there are a few interesting posts in this thread (and several corrections about p2p 'evilness', which is good :P ).

A thread that may be of interest was started on net@ earlier in the year - look for:

From: Mike Makonnen <mtm at>
To: freebsd-net at
Subject: Application layer classifier for ipfw
Date: Thu, 31 Jul 2008 13:02:29 +0300

- It refers to ipfw, not pf.
- I think there was at least one other thread following up on this with working code, etc.

Of course, DPI-style checks won't work (at all, or in a scalable fashion) as soon as users start encrypting their packets :P


{Beto|Norberto|Numard} Meijome

"I didn't attend the funeral, but I sent a nice letter saying  I approved of it."
  Mark Twain

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.

More information about the freebsd-questions mailing list