Sorry for my bad explanation ...

I want to do with ipfw what IPP2P (http://www.ipp2p.org) does; it uses a modification to the Linux kernel/iptables, some kind of "string match", to identify P2P traffic. Nowadays I use port-based rules to limit P2P traffic, which is not a good solution since most P2P programs use random ports.

----- Original Message -----
From: "Oliver Fromme" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, November 10, 2005 10:57 AM
Subject: Re: String Match


I can't think of any real-world examples where string-
matching would be useful and work reliably.  The above
examples do not work reliably, because the rules would
also have rejected your email to this mailing list.  ;-)

If you want to filter on application level (e.g. certain
HTTP GET commands like the one above), you should do it
in the application (e.g. apache).  That's not the job of
a packet filter.

Best regards
  Oliver

--
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Unix gives you just enough rope to hang yourself --
and then a couple of more feet, just to be sure."
       -- Eric Allman
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
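
The false-positive problem raised in the thread, as an added example (not written by either poster and not IPP2P's code). It assumes the cleartext BitTorrent handshake prefix as the signature; the payloads are constructed and `FlowClassifier` is a hypothetical name. It compares a per-packet substring match with a check anchored at the first bytes of each flow.

```python
# Added illustration: payloads below are constructed samples, not captured traffic.
PSTR = b"BitTorrent protocol"
PREFIX = bytes([len(PSTR)]) + PSTR  # length byte 0x13, then the protocol name

def substring_match(segment: bytes) -> bool:
    """Per-packet 'string match': fires wherever the text appears."""
    return PSTR in segment

class FlowClassifier:
    """Decide once per flow, from the first len(PREFIX) bytes of its stream."""
    def __init__(self):
        self._head = {}    # flow id -> leading bytes of still-undecided flows
        self.verdict = {}  # flow id -> True (handshake seen) or False

    def feed(self, flow, segment: bytes):
        if flow in self.verdict:
            return self.verdict[flow]
        head = self._head.get(flow, b"") + segment
        if len(head) < len(PREFIX) and PREFIX.startswith(head):
            self._head[flow] = head  # could still be a handshake: keep waiting
            return None
        self._head.pop(flow, None)
        self.verdict[flow] = head.startswith(PREFIX)
        return self.verdict[flow]

# Constructed inputs: a 68-byte handshake, the same handshake split across two
# TCP segments, and a mail body that merely quotes the signature text.
HANDSHAKE = PREFIX + bytes(8) + b"\x11" * 20 + b"-XX0000-" + b"0" * 12
MAIL = b'Subject: Re: String Match\r\n\r\nMy rule drops "BitTorrent protocol".\r\n'
FLOWS = {
    "p2p": [HANDSHAKE],
    "p2p-split": [HANDSHAKE[:7], HANDSHAKE[7:]],
    "mail": [MAIL],
}

def run(flows):
    """Return {flow: (substring matched any packet, anchored flow verdict)}."""
    clf = FlowClassifier()
    out = {}
    for name, segments in flows.items():
        naive = any(substring_match(s) for s in segments)
        for s in segments:
            clf.feed(name, s)
        out[name] = (naive, clf.verdict.get(name))
    return out

if __name__ == "__main__":
    print(run(FLOWS))
```

The substring rule flags the mail and misses the split handshake; the anchored check gets both right, but it still only recognises a cleartext handshake.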

