From: "Cesar"
Date: Thu, 10 Nov 2005 13:58:37 -0300
Subject: Re: String Match
Message-ID: <002301c5e617$fe751750$46bb1ec9@ironman>
References: <200511101555.jAAFtkqw013738@lurza.secnetix.de>
List-Id: IPFW Technical Discussions

It's not a bad idea, since I see a lot of people searching for P2P traffic control/shaper.

I'm operating an ISP with 3000 broadband users ... And yes, I can call them untrusted, but this is not the point.

With ipfw I can do per-IP traffic shaping, but what about if I can limit an IP to 256kbps and say that this IP will be able to use only 128Kbps for P2P traffic?

As I said, I do this nowadays by creating rules based on P2P ports, as m0n0wall does. However, it is not as efficient as iptables is.

I tried a Linux-based system (Mikrotik) to limit P2P and it matched almost 100% of P2P traffic ... And as far as I know, ipfw can't do this.

And maybe this kind of string match can become useful for other things.

Cesar

----- Original Message -----
From: "Oliver Fromme"
Sent: Thursday, November 10, 2005 12:55 PM
Subject: Re: String Match

> Cesar wrote:
> >
> > Sorry for my bad explanation ...
> >
> > I want to do with ipfw what the IPP2P (http://www.ipp2p.org) does; it uses
> > a modification in the Linux kernel/iptables, some kind of "string match",
> > to identify P2P traffic.
>
> Which is basically a bad idea, as I have explained in my
> previous mail.
>
> > Nowadays I use port based rules to limit P2P traffic, which is not a
> > good solution since most of P2P programs are using random ports.
>
> May I ask why do you need to do that? Are you operating
> an internet router for untrusted users?
>
> Best regards
> Oliver
>
> --
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
> Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
>
> "I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
> -- David Bradley, original IBM PC design team