On 19 March 2011 10:22, Christiano F. Haesbaert <haesba...@haesbaert.org> wrote:
> On 19 March 2011 10:05, johhny_at_poland77 <johhny_at_polan...@zoho.com> 
> wrote:
>> Does somebody have an idea what kind of iptables/pf rule I must use to 
>> achieve this?
>>
>
iptables is a Linux thingy, so it is out of the equation.
>
>> I only want to allow these connections [on the output chain]:
>>
>> on port 53 output only allow udp - dns
>> on port 80 output only allow tcp - http
>> on port 443 output only allow tcp - https
>> on port 993 output only allow tcp - imaps
>> on port 465 output only allow tcp - smtps
>> on port 22 output only allow tcp - ssh
>> on port 20-21 output only allow tcp - ftp
>> on port 989-990 output only allow tcp - ftps
>> on port 1194 output only allow udp - OpenVPN
>>
>> So that e.g.: OpenVPN on port 443 would be blocked, because only HTTPS is 
>> allowed on port 443 outbound.
>>
>> Any ideas? :\
>>
>
To my knowledge pf doesn't do layer 7 filtering, and from what I've
heard that is not a wanted feature, but pf hackers might know it
better.
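
Why a port/protocol rule alone cannot meet the requirement in the question, as an added example that is not part of the thread: a layer-4 check accepts anything sent to tcp/443, while telling HTTPS from OpenVPN means inspecting the first payload bytes. The function names and sample packets are constructed for illustration, and the classifier is a first-packet heuristic, not a pf feature.

```python
import struct

# Layer-4 view of the list in the question: (protocol, destination port).
ALLOWED_OUT = {("udp", 53), ("tcp", 80), ("tcp", 443), ("tcp", 993),
               ("tcp", 465), ("tcp", 22), ("tcp", 20), ("tcp", 21),
               ("tcp", 989), ("tcp", 990), ("udp", 1194)}

# OpenVPN client session-opening opcodes: HARD_RESET_CLIENT V1, V2, V3.
OPENVPN_CLIENT_RESET = {1, 7, 10}


def port_rule_allows(proto: str, port: int) -> bool:
    """What a port-based filter can decide: protocol and port only."""
    return (proto, port) in ALLOWED_OUT


def classify_first_payload(data: bytes) -> str:
    """Guess the application protocol from the first client TCP payload."""
    if len(data) < 6:
        return "unknown"
    # TLS record: type(1) version(2) length(2), then handshake type(1).
    rec_type, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if (rec_type == 0x16 and major == 0x03 and minor <= 0x04
            and rec_len > 0 and data[5] == 0x01):
        return "tls-client-hello"
    # OpenVPN over TCP: 2-byte length prefix, then (opcode << 3 | key_id).
    (pkt_len,) = struct.unpack("!H", data[:2])
    if 14 <= pkt_len <= len(data) - 2 and data[2] >> 3 in OPENVPN_CLIENT_RESET:
        return "openvpn-tcp"
    return "unknown"


# Constructed samples (not captured traffic).
_hello = b"\x01\x00\x00\x02\x03\x03"  # minimal handshake header + 2 bytes
SAMPLE_TLS = b"\x16\x03\x01" + struct.pack("!H", len(_hello)) + _hello
_reset = bytes([7 << 3]) + bytes(range(1, 9)) + b"\x00" + struct.pack("!I", 0)
SAMPLE_OPENVPN = struct.pack("!H", len(_reset)) + _reset

if __name__ == "__main__":
    for name, payload in (("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN)):
        print(name, "port rule:", port_rule_allows("tcp", 443),
              "layer 7:", classify_first_payload(payload))
```

Both samples pass the tcp/443 port rule; only the payload check separates them, which is the layer 7 filtering the reply says pf does not do.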
