Date: Thu, 10 Nov 2005 11:25:37 -0300 From: "Cesar" <listas@itm.net.br> To: <freebsd-ipfw@FreeBSD.ORG> Subject: Re: String Match Message-ID: <000c01c5e602$9ed10a30$46bb1ec9@ironman> References: <200511101357.jAADvwWH008434@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry for my bad explanation ... I want to do with ipfw what the IPP2P (http://www.ipp2p.org) do, it use a modification in linux kernel/iptables some kind of "string match" to identify P2P traffic. Nowadays I use port based rules to limit P2P traffic, which is not a good solution since most of P2P programs are using random ports. ----- Original Message ----- From: "Oliver Fromme" <olli@lurza.secnetix.de> To: <freebsd-ipfw@FreeBSD.ORG> Sent: Thursday, November 10, 2005 10:57 AM Subject: Re: String Match > I can't think of any real-world examples where string- > matching would be useful and work reliably. The above > examples do not work reliably, because the rules would > also have rejected your email to this mailing list. ;-) > > If you want to filter on application level (e.g. certain > HTTP GET commands like the one above), you should do it > in the application (e.g. apache). That's not the job of > a packet filter. > > Best regards > Oliver > > -- > Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing > Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd > Any opinions expressed in this message may be personal to the author > and may not necessarily reflect the opinions of secnetix in any way. > > "Unix gives you just enough rope to hang yourself -- > and then a couple of more feet, just to be sure." > -- Eric Allman > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000c01c5e602$9ed10a30$46bb1ec9>