From: Odhiambo Washington
Date: Tue, 20 Jan 2015 22:35:44 +0300
Subject: Re: Controlling P2P with PF
To: Darren Pilgrim
Cc: "freebsd-pf@freebsd org"

On 20 January 2015 at 07:14, Darren Pilgrim wrote:

> On 1/19/2015 8:06 AM, Odhiambo Washington wrote:
>
>> Hello all,
>>
>> So I found this link while trying to figure out if PF can control P2P -
>> ttp://www.benhup.com/?mf=freebsd&sf=freebsd8.2-p9_04_peerblock
>>
>> I tried using it, but I could still download using utorrent from my
>> network.
>>
>> Does this mean I am beating a dead horse, or I have my filter rules in bad
>> order or something I am missing?
>>
>
> Yes, you're beating a dead horse. A torrent client will use any open port
> it can get, and the stuff you really do want to stop runs the torrent over
> SSL (i.e., you can't tell it apart from HTTPS traffic). All you can do is
> rate-limit the bandwidth hogs, then deal with people upset about poor
> streaming video performance.
>

Hi Darren,

Thanks.

Looking at my pf.conf, is there something you see wrong if squid and PF are on the same machine (gateway)? I am having weird issues with squid complaining that it detects loops. I am running it in intercept/transparent mode.

PS: Was IPFilter removed from FreeBSD-10.1?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."