Date: Wed, 31 Aug 2005 07:07:49 -0500 From: eculp@bafirst.com To: freebsd-pf@freebsd.org Subject: Re: FW: Application layer firewall on FreeBSD, is it possible ? Message-ID: <20050831070749.b200501hq80w0csg@mail.bafirst.com> In-Reply-To: <20050831001634.63B2C4E704@pipa.profix.cz> References: <20050831001634.63B2C4E704@pipa.profix.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Daniel Dvo=C5=99=C3=A1k <dandee@hellteam.net>: > ... but you know, proxy is not what I am asking, proxy is not firewall. > > We do not need to restrict everything and all members. > > We like full routeable network with full access to IPv6 / IPv4 internet > without any necessary action like configure proxy clients at all pc=C2=B4= s our > members. > > We only want to deny only p2p applications by default for all pc=C2=B4s > regardless of used protocol/ports and to allow grantting access to p2p > networks each members in individual way, because we have to prevent anoth= er > letter from our ISP which was contacted by BSA that from our public IP ( > from one member in private ip space ) ... traffic ... share ... violate .= .. > authorial law. > > So of course it must be combination of IP and application osi model > firewall. > > Gateway server should check all packets and their contents to decide if > allowed or denied in fast way like l7-filter on Linux OS. > > So is it possible on FreeBSD OS ? Dan, Thanks for bringing this up. I have been looking for a way to control p2p for a while also. It is a problem that I can see only getting worse. I was unaware of l7-filter on Linux and want to see how it works because for us the word "FAST" is key. If you find a solution, I would appreciate your posting it to the list, which I'm sure you will do anyway. Have a great day, ed
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050831070749.b200501hq80w0csg>