From: Schizik
To: Anton Alin-Adrian
Cc: freebsd-questions@freebsd.org
Date: Thu, 20 May 2004 10:51:06 +0400
Subject: Re: Firewalling Q

Hello!

> Block everything. (or don't route)

I can't. All these people are commercial customers. We only have a policy that allows us to limit bandwidth for them in case of excessive usage.

I have found a nice approach for analyzing network traffic and installing dynamic firewall rules for it. It can be found at
http://homes.cs.ru.ac.za/B.Irwin/research/Barry_irwin-dynamic-filtering_SACLA2002.pdf

Links to scripts in this document are outdated, but it gives an idea of how this can be done.

Alex