From owner-freebsd-security@FreeBSD.ORG Wed Feb 25 04:11:14 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 89A7616A4CE for ; Wed, 25 Feb 2004 04:11:14 -0800 (PST) Received: from mail.yazzy.org (elskov.com [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 144A943D1F for ; Wed, 25 Feb 2004 04:11:14 -0800 (PST) (envelope-from freebsd@yazzy.org) Received: from localhost (localhost [127.0.0.1]) by mail.yazzy.org (Postfix) with ESMTP id 791A539D36 for ; Wed, 25 Feb 2004 13:11:09 +0100 (CET) Received: from mail.yazzy.org ([127.0.0.1]) by localhost (urukhai.yazzy.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 92444-06 for ; Wed, 25 Feb 2004 13:11:09 +0100 (CET) Received: from localhost (gw.wrs.no [213.158.226.1]) by mail.yazzy.org (Postfix) with SMTP id BE28A39D25 for ; Wed, 25 Feb 2004 13:11:06 +0100 (CET) Date: Wed, 25 Feb 2004 13:11:33 +0100 From: Martin Jessa To: freebsd-security@freebsd.org Message-Id: <20040225131133.1b989778.freebsd@yazzy.org> In-Reply-To: References: Organization: WRS ASA X-Mailer: Sylpheed version 0.9.4 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at yazzy.org Subject: Re: improve ipfw rules X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 12:11:14 -0000 Hi. Take a look at: http://jk.yazzy.org/articles/openbsd/kazaa.html Jochem describes there how to block Kazaa with snort on OpenBSD. Hope this helps. On Tue, 24 Feb 2004 10:09:24 -0500 Richy Kim wrote: > >> 3. I'm intrested in blocking kazaa/P2P trafic with IPFW any help in this > issue > you could possibly block connections at known p2p ports. > deny tcp from any to any 6699 step > but most of the newer protocols use dynamic ports and in turn, are > configurable. > so ipfw isn't exactly ideal on it's own for this. > > -r. > > > -----Original Message----- > From: Pons [mailto:pons@gmx.li] > Sent: Tuesday, February 24, 2004 6:33 AM > To: freebsd-security@freebsd.org > Subject: improve ipfw rules > > > I have configured a FreeBSD 5.1 rel box 2 NIC's (Ext.ip/Int.ip) > with ipfw/natd/squid the setup is working > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"