hey, Daniel Dvořák wrote:
We are a small wireless community and have shared access to the internet for all members. Core members decided to control p2p traffic by default and to allow each person in an individual way, after showing their knowledge of authorial low. :)
I think you mean copyright law.
But since many DC hubs, eDonkey servers, BitTorrent web trackers and so on use dynamic, non-standard ports, how to control it?
I haven't seen any way to control traffic for P2P apps reliably @ the protocol layer, you need to inspect it. Something like snort attached to your firewall, I guess ... though it'd be a reverse IDS (or a reverse IPS, intrusion prevention system, I've seen it called...)
a quick search in ports for ids shows:
/net/libnids
/security/libprelude and other prelude related ports
/security/snortms and other snort related ports
Linux uses l7-filter <http://sourceforge.net/projects/l7-filter> (sourceforge freeware), and it is based on iptables, defining application protocols like the ethereal project does.
right - so something like applying ethereal rules to the output of tcpdump and updating the rules in realtime...mind you, many of these apps/protocols are extremely flexible, they'll change how they connect very fast, which will put the load on your firewall
So, is there any way to do the same application layer OSI model firewall with a FreeBSD gateway?
I don't see why not...though it's obvious I'm not sure how :) please share the answer when you find it :)
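As an added illustration of the payload inspection discussed in this thread (not code from either poster, from l7-filter or from snort): a minimal Python classifier that labels a flow by the first bytes of its payload instead of its port. The flow samples are constructed, the function names are hypothetical, and the eDonkey check is a simplified assumption about its framing (0xE3 marker plus a little-endian length).

```python
import struct

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # length byte + string opening a peer handshake
DC_COMMANDS = (b"$Lock ", b"$MyNick ")     # opening commands of Direct Connect (NMDC)

def classify(payload: bytes) -> str:
    """Label the first payload bytes of a TCP flow; the port is never consulted."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    # NMDC commands are terminated by '|', which cuts down accidental matches.
    if payload.startswith(DC_COMMANDS) and b"|" in payload:
        return "directconnect"
    # Assumed eDonkey framing: 0xE3, then a 32-bit little-endian length of the
    # message that follows. Requiring a plausible length avoids flagging every
    # payload that merely starts with the byte 0xE3.
    if len(payload) >= 6 and payload[0] == 0xE3:
        (size,) = struct.unpack_from("<I", payload, 1)
        if 1 <= size <= len(payload) - 5:
            return "edonkey"
    return "unknown"

def classify_flows(flows):
    """flows: iterable of (dst_port, first_payload) -> list of (dst_port, label)."""
    return [(port, classify(payload)) for port, payload in flows]

# Constructed sample flows: P2P on "innocent" ports, and plain HTTP on a port
# traditionally associated with BitTorrent.
SAMPLE_FLOWS = [
    (80, BT_HANDSHAKE + bytes(8) + bytes(20) + b"-XX0000-" + bytes(12)),
    (443, b"\xe3" + struct.pack("<I", 3) + b"\x01\x10\x00"),
    (4111, b"$Lock EXTENDEDPROTOCOL_sample Pk=sample|"),
    (6881, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    (8080, b"\xe3\xff\xff\xff\xff\x00"),  # 0xE3 marker but implausible length
]

if __name__ == "__main__":
    for port, label in classify_flows(SAMPLE_FLOWS):
        print(f"dst port {port:5d}: {label}")
```

Fixed signatures like these only match cleartext handshakes; clients that encrypt or obfuscate their traffic fall through to "unknown", which is the limitation the reply above points at.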