Date: Wed, 31 Aug 2005 22:43:54 +1000
From: Norberto Meijome <freebsd@meijome.net>
To: freebsd-questions@freebsd.org
Subject: Re: Application layer firewall on FreeBSD, is it possible ?
Message-ID: <4315A60A.40002@meijome.net>
In-Reply-To: <20050830234717.3D5E14E704@pipa.profix.cz>
References: <20050830234717.3D5E14E704@pipa.profix.cz>
hey,

Daniel Dvořák wrote:
> We are small wireless community and have shared access to internet for all
> members. Core members decided to control p2p traffic by default and to allow
> each person in individual way, after showing their knowledge of authorial
> low. :)

I think you mean copyright law.

> But since many dc hubs, edonkey servers, bittorrent web trackers and so on
> use dynamic not standard ports, how to control it ?

I haven't seen any way to control traffic for P2P apps reliably @ the protocol
layer, u need to inspect it. Something like snort attached to your firewall, I
guess ... though it'd be a reverse IDS (or a reverse IPS, intrusion prevention
system, I've seen it called...)

a quick search in ports for ids shows:

/net/libnids
/security/libprelude and other prelude related ports
/security/snortms and other snort related ports

> Linux use l7-filter <http://sourceforge.net/projects/l7-filter>
> sourceforge.net/projects/l7-filter sourceforge freeware and , it is based on
> iptables, definition application protocols like ethereal project do.

right - so something like applying ethereal rules to the output of tcpdump and
updating the rules in realtime... mind you, many of these apps/protocols are
extremely flexible, they'll change how they connect very fast, which will put
the load on your firewall

> So, is there any way to do same application layer osi model firewall with
> FreeBSD gateway ?

I don't see why not... though it's obvious I'm not sure how :)

please share the answer when you find it :)
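As an added illustration (not code from this thread, from l7-filter, or from any of the ports named above), the Python below contrasts the port-based rule Daniel says fails with the l7-filter-style approach Norberto describes: a regex applied to the first bytes of a flow, regardless of port, with a per-host allow-list on top. The signatures, host addresses, ports and payloads are all constructed for this example and are only loosely modelled on the protocols' well-known greetings.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Illustrative layer-7 signatures in the style of l7-filter: a regex run over
# the first bytes a flow carries, independent of port.  Written for this example.
SIGNATURES = {
    # BitTorrent peer-wire handshake: length byte 19 then "BitTorrent protocol".
    "bittorrent": re.compile(rb"^\x13BitTorrent protocol"),
    # HTTP tracker announce/scrape: info_hash parameter in the request line.
    "bittorrent-tracker": re.compile(rb"^GET /(?:announce|scrape)\?\S*info_hash=", re.I),
    # Direct Connect (NMDC) hub greeting starts with a $Lock command.
    "directconnect": re.compile(rb"^\$Lock "),
}

@dataclass
class Flow:
    src: str        # client address inside the community network (constructed)
    dst_port: int   # remote port; dynamic for most P2P clients
    payload: bytes  # first bytes exchanged on the connection (either direction)

def classify(payload: bytes, window: int = 512) -> Optional[str]:
    """Return the matched application name, or None if no signature matched."""
    head = payload[:window]
    for name, pattern in SIGNATURES.items():
        if pattern.search(head):
            return name
    return None

def decide(flow: Flow, allowed_hosts: set) -> str:
    """Block P2P by default, allow it only for hosts on the per-person allow-list."""
    app = classify(flow.payload)
    if app is None:
        return "allow"
    return "allow" if flow.src in allowed_hosts else "block:" + app

def port_only_decide(flow: Flow, p2p_ports=frozenset(range(6881, 6890))) -> str:
    """The port-based rule the thread says is unreliable: it misses dynamic ports."""
    return "block" if flow.dst_port in p2p_ports else "allow"

# Constructed sample flows (not real captures).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 6881, b"\x13BitTorrent protocol" + bytes(48)),   # classic port
    Flow("10.0.0.5", 51413, b"\x13BitTorrent protocol" + bytes(48)),  # dynamic port
    Flow("10.0.0.7", 80, b"GET /announce?info_hash=%12%34&peer_id=abc HTTP/1.0\r\n"),
    Flow("10.0.0.9", 411, b"$Lock EXTENDEDPROTOCOL Pk=example|"),
    Flow("10.0.0.9", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
]
```

Running `decide` over the sample flows blocks the BitTorrent handshake on port 51413 that `port_only_decide` lets through, while plain HTTP from an allow-listed host is untouched.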
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4315A60A.40002>