Date: Mon, 12 Nov 2007 16:32:47 +0530
From: Girish Venkatachalam <girishvenkatachalam@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Quick question about PF and ALTQ
Message-ID: <20071112110247.GB14109@saraswathy.susmita.org>
In-Reply-To: <20071111144325.GA3433@saraswathy.susmita.org>
References: <53330.192.168.13.8.1194786209.squirrel@www.boosten.org> <20071111144325.GA3433@saraswathy.susmita.org>

On 14:03:29 Nov 11, Peter Boosten wrote:
> Hi all,
>
> One quick question: is it possible to filter specific kinds of traffic
> with altq, traffic that is not bound to specific IP addresses, like online
> radio?
>

Looks like I finally understood what you want.

You want to block the protocol from/to *any* IP address. This is easily done.

    block all
    pass out all to { http smtp ftp }

This is a very "cruel" ruleset. :)

Instead you actually want this one.

    nonbusiness = "{" 522 bittorrent ... "}"
    block quick drop out all to port $nonbusiness

As you can see using pf, you can leave out anything. That is the power of
this marvelous creation.

It gives tremendous power to firewalls. In fact I would venture to say it is
the best software available for firewalling functionality.

Best,
Girish
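
The two approaches from the reply above (allow only listed services, or drop a list of unwanted ports regardless of IP address), written out in full pf.conf syntax together with an ALTQ variant for the original question. This is an added example, not part of the original message; the interface name, port numbers, bandwidth and queue names are constructed assumptions.

```conf
# Added example, not from the original message.
# Assumptions: em0 is the external interface; the port numbers are
# constructed samples (a BitTorrent range and one streaming-radio port).
ext_if      = "em0"
allowed_tcp = "{ http, smtp, ftp }"
nonbusiness = "{ 6881:6889, 8000 }"

# ALTQ: one default queue and one low-priority queue on the uplink.
altq on $ext_if priq bandwidth 10Mb queue { std, lowprio }
queue std     priority 7 priq(default)
queue lowprio priority 1

# Baseline: nothing unsolicited comes in, outbound traffic is stateful.
block in all
pass out on $ext_if all keep state

# Denylist approach: drop the unwanted ports to *any* address.
# "quick" ends rule evaluation here, so the pass rule above cannot win.
# pf only matches ports on rules that name proto tcp and/or udp.
block drop out quick on $ext_if proto { tcp, udp } \
    from any to any port $nonbusiness

# ALTQ approach (use instead of the block rule above): let the traffic
# through but assign it to the low-priority queue.
# pass out quick on $ext_if proto { tcp, udp } \
#     from any to any port $nonbusiness keep state queue lowprio

# Allowlist approach (use instead of the baseline and denylist rules):
# default deny, then pass only the listed services plus DNS.
# block all
# pass out on $ext_if proto tcp from any to any port $allowed_tcp keep state
# pass out on $ext_if proto udp from any to any port domain keep state
```

Parse the file with `pfctl -nf` before loading it. Port-based rules only catch traffic that stays on the listed ports; streams carried over port 80 are not matched by any of these rules.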