From owner-freebsd-pf@FreeBSD.ORG  Thu Jun 24 08:54:31 2010
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2F297106567A
	for <freebsd-pf@freebsd.org>; Thu, 24 Jun 2010 08:54:31 +0000 (UTC)
	(envelope-from claudiu.vasadi@gmail.com)
Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com
	[74.125.82.182])
	by mx1.freebsd.org (Postfix) with ESMTP id ADB138FC1A
	for <freebsd-pf@freebsd.org>; Thu, 24 Jun 2010 08:54:30 +0000 (UTC)
Received: by wyf22 with SMTP id 22so105254wyf.13
	for <freebsd-pf@freebsd.org>; Thu, 24 Jun 2010 01:54:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:received:in-reply-to
	:references:date:message-id:subject:from:to:content-type;
	bh=Rzpg12IbIGq7MuA5tBdOoAYoRrTwEaiOzKmZkhjWxfU=;
	b=o0fVHcSAXrKezWuiQSwx1Oiez3BehbYtL1Xftc9I2nHmJvuWz41pqM1sfGdJgamNFJ
	/JfYG1DIjbChGHW1bWAwJc3PWfnzEAUbbw6SyPz1db2tmvGSbv9CCVHNkPaNKLNmN9RW
	B2JXF2M92XijK+Qn/zpNcdYcKhBfwSl2LCLlQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:content-type;
	b=qhD80oZJtgM9evjzoSbFIeKBeGK2rAFtetL5snQ/huthGG7TIZccOzxClxEGztht/u
	AHlgUQSqi2OggyLL88RdihMgA7TDrEj7pA24venedxizKX/cqtN/LheisVSRTnFRaHEy
	M6EMlUr/gMZ2uFq0aNeGdM7FIUSyBQi4tIcCc=
MIME-Version: 1.0
Received: by 10.216.184.6 with SMTP id r6mr6916581wem.87.1277369669512; Thu, 
	24 Jun 2010 01:54:29 -0700 (PDT)
Received: by 10.216.18.77 with HTTP; Thu, 24 Jun 2010 01:54:29 -0700 (PDT)
In-Reply-To: <010101cb1358$d92b3b50$8b81b1f0$@org>
References: <AANLkTima26GreX5jtmdJiR2FbNiB5O4ixN92oqxktTmb@mail.gmail.com>
	<7114830758496124649@unknownmsgid>
	<AANLkTimN_9x-cQiF12bQdIjtHa7BjM6kMoEfsjcjcKLH@mail.gmail.com>
	<AANLkTinCwonuSkfbLIWfHYW53jyIC4zWNxReA4Fmn5Kh@mail.gmail.com>
	<AANLkTilBWj_tA7-ECbzKLz3hkZDPwo6HmBWnRe-yiS_K@mail.gmail.com>
	<010101cb1358$d92b3b50$8b81b1f0$@org>
Date: Thu, 24 Jun 2010 10:54:29 +0200
Message-ID: <AANLkTikkFcAeSGKjQ93J7cTL32EUQ_V7alWz-g1GE0ZJ@mail.gmail.com>
From: claudiu vasadi <claudiu.vasadi@gmail.com>
To: freebsd-pf@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: can pf block a string ? or better, to limit it ?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jun 2010 08:54:31 -0000

@Peter Maxwell: kernel coding is too much for me

@Michael proto: nstreams ... reading about it

@Vlad Galu: STATEFUL TRACKING OPTIONS has nothing to do with "string
matching". I want to bock a particular string (ex: "test") and not filter by
S/SA or other tcp flags

@john: I was thinking about something similar


I will let you know once I finish reading and testing.

thx for your opinions and more are welcomed :)