Date: Thu, 24 Nov 2005 19:22:38 +0100 From: "Alexandre DELAY" <alexandre.delay@free.fr> To: "Thiago Damas" <tdamas@gmail.com>, <freebsd-pf@freebsd.org> Subject: RE: Protocol filter capabilities Message-ID: <MAEBLPAGHGPMOKCBICBNGEOECIAA.alexandre.delay@free.fr> In-Reply-To: <f8e3d83f0511240547k585dd99fh@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Well, If you want an idea, I found this: http://freebsd.rogness.net/snort_inline/ in the freebsd-ipfw archive. The thing is that it works with snort which is not as able as ethereal (and need to be subscribed) to detect application protocols. Ethereal already includes performant filters which only wait to be used. If you need help to develop around dummynet, maybe you can try to contact luigi who developped dummynet (http://info.iet.unipi.it/~luigi). He might be interrested by this program. Maybe you can tell us more about your project? Cheers Alex -----Message d'origine----- De : owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org]De la part de Thiago Damas Envoyé : jeudi 24 novembre 2005 14:47 À : freebsd-pf@freebsd.org Objet : Re: Protocol filter capabilities I have a program that implements this, via divert socket with ipfw. I think the better way to do this is with a program that listens with bfp/pcap, and inserts/deletes rules using ioctls in /dev/pf For now, I'm trying to alter a queue, given a state, using /dev/pf, but it doesnt seen easy. Altering the queue I can limit the bandwidth of a protocol; if I want to block the protocol, I can just delete the state of the firewall. Have you some ideas? 2005/11/23, Alexandre DELAY <alexandre.delay@free.fr>: > hi guys, > > I am looking for an efficient way to filter different protocols, such as > edonkey or BEEP. > For the moment, I think that pf doesn't support it. > > Don't you think that it would be a nice thing to be able to include such > "filters" from, for example, ethereal? > Ethereal support more than 34k different protocols. It woul be nice to be > able to choose from those filters and to apply some rules according to those > filters. > > Do you know a way to do this? > > Cheers > > Alex > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MAEBLPAGHGPMOKCBICBNGEOECIAA.alexandre.delay>