From: "Chris Dionissopoulos"
Date: Wed, 31 Aug 2005 03:08:26 +0300
Subject: Re: Application layer firewall on FreeBSD, is it possible ?
List-Id: IPFW Technical Discussions

Hi,

How about using snort (/usr/ports/security/snort) to create alerts based on snort p2p rules, and snortsam's (i)pf(w) plugin (www.snortsam.net) to make (i)pf(w) deny (or delay) such p2p sessions?

Chris.

----- Original Message -----
From: "Daniel Dvořák"
Sent: Wednesday, August 31, 2005 2:47 AM
Subject: Application layer firewall on FreeBSD, is it possible ?

Hi all,

let me ask you about the task "how to control p2p applications and their traffic with dynamic ports from users' computers on a gateway".

We are a small wireless community and have shared access to the internet for all members. Core members decided to control p2p traffic by default and to allow each person in an individual way, after showing their knowledge of authorial law. :)

But since many dc hubs, edonkey servers, bittorrent web trackers and so on use dynamic, non-standard ports, how to control it?

Linux uses l7-filter sourceforge.net/projects/l7-filter sourceforge freeware and , it is based on iptables, definition of application protocols like the ethereal project does.

So, is there any way to do the same application layer (OSI model) firewall with a FreeBSD gateway?

Of course, I tried to find it on the web, but I have not been successful in searching so far.

If my question is not right for this mailing list, or if my question is annoying here, I am sorry.

Dan
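
The alert-to-block pipeline suggested in the reply above, as an added example that is not part of the original thread and is not SnortSam's own code: it reads Snort "fast" alert lines, selects those whose message starts with "P2P", and emits ipfw table commands for member hosts that have not been individually allowed. The table number, the internal network, the allowed-member list and the sample alerts (including their SIDs) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in Snort's "fast" alert format (not real traffic).
SAMPLE_ALERTS = """\
08/31-03:08:26.120001 [**] [1:1000001:1] P2P BitTorrent announce request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.0.23:51234 -> 192.0.2.10:6969
08/31-03:08:27.450112 [**] [1:1000002:1] P2P eDonkey transfer [**] [Priority: 1] {TCP} 10.0.0.42:4662 -> 198.51.100.7:4662
08/31-03:08:28.000431 [**] [1:1000003:1] ICMP PING [**] [Priority: 3] {ICMP} 10.0.0.23 -> 192.0.2.1
08/31-03:08:29.310077 [**] [1:1000001:1] P2P BitTorrent announce request [**] [Priority: 1] {TCP} 10.0.0.23:51240 -> 203.0.113.5:6881
08/31-03:08:30.990500 [**] [1:1000002:1] P2P eDonkey transfer [**] [Priority: 1] {TCP} 198.51.100.7:4662 -> 10.0.0.99:4662
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")        # assumed member LAN
ALLOWED_MEMBERS = {ipaddress.ip_address("10.0.0.42")}     # assumed: member cleared for p2p
BLOCK_TABLE = 1  # assumed; ruleset would need e.g.: ipfw add deny ip from "table(1)" to any

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) \[\*\*\].*?"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
)

def p2p_hosts(alert_text, internal=INTERNAL_NET, allowed=ALLOWED_MEMBERS):
    """Return sorted internal addresses seen on either side of a P2P alert."""
    hosts = set()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or not m["msg"].startswith("P2P"):
            continue  # unparsable line or non-P2P rule: never block on it
        for addr in (m["src"], m["dst"]):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # malformed address field
            if ip in internal and ip not in allowed:
                hosts.add(ip)
    return sorted(hosts)

def ipfw_commands(hosts, table=BLOCK_TABLE):
    """Render one 'ipfw table N add ADDR' command per host."""
    return [f"ipfw table {table} add {ip}" for ip in hosts]

if __name__ == "__main__":
    print("\n".join(ipfw_commands(p2p_hosts(SAMPLE_ALERTS))))
```

Only internal addresses are ever added to the table, so an alert cannot be used to make the gateway block an arbitrary outside host.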