Date: Thu, 27 Nov 2008 12:53:30 +1100
From: Norberto Meijome
To: freebsd-questions@freebsd.org
Message-ID: <20081127125330.74268ddc@ayiin>
In-Reply-To: <492D51CB.9000201@a1poweruser.com>
Subject: Re: firewall rules for bitlord, yahoo, limewire

On Wed, 26 Nov 2008 21:40:27 +0800 Fbsd1 wrote:

> I have an inclusive firewall rule set which means only packets matching
> the rules are passed through. The inbound high port numbers are
> blocked by design.
>
> How do other firewall users code rules to allow limewire to work?

Hi,
I think there are a few interesting posts in this thread (and several corrections about p2p 'evilness', which is good :P ).

A thread that may be of interest was started on net@ earlier in the year - look for:

From: Mike Makonnen
To: freebsd-net@freebsd.org
Subject: Application layer classifier for ipfw
Date: Thu, 31 Jul 2008 13:02:29 +0300

- it refers to ipfw, not pf.
- I think there was at least another thread following up on this with working code, etc.

Of course, DPI-style checks won't work (at all, or in a scalable fashion) as soon as users start encrypting their packets :P

b

_________________________
{Beto|Norberto|Numard} Meijome

"I didn't attend the funeral, but I sent a nice letter saying I approved of it."
  Mark Twain

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.