From: Girish Venkatachalam
To: freebsd-questions@freebsd.org
Date: Mon, 12 Nov 2007 16:32:47 +0530
Subject: Re: Quick question about PF and ALTQ
Message-ID: <20071112110247.GB14109@saraswathy.susmita.org>
In-Reply-To: <20071111144325.GA3433@saraswathy.susmita.org>

On 14:03:29 Nov 11, Peter Boosten wrote:
> Hi all,
>
> One quick question: is it possible to filter specific kinds of traffic
> with altq, traffic that is not bound to specific IP addresses, like online
> radio?
>

Looks like I finally understood what you want.

You want to block the protocol from/to *any* IP address.

This is easily done.

    block all
    pass out proto tcp to any port { http smtp ftp }

This is a very "cruel" ruleset. :)

Instead you actually want this one.

    nonbusiness = "{" 522 bittorrent ... "}"
    block drop out quick proto { tcp udp } to any port $nonbusiness

As you can see using pf, you can leave out anything. That is the power of this marvelous creation.

It gives tremendous power to firewalls. In fact I would venture to say it is the best software available for firewalling functionality.

Best,
Girish
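
Added example, not part of the original message or of anyone's posted ruleset: a pf.conf fragment that matches on destination port only (no IP addresses), blocking one port list with "quick" and steering another into a low-priority ALTQ queue, which is what the original question asked about. The interface name, port numbers, bandwidth and queue names are assumptions.

```conf
# Constructed sample values; replace with your own.
ext_if        = "em0"            # assumption: external interface
blocked_ports = "{ 6881:6889 }"  # sample range often used by BitTorrent clients
slow_ports    = "{ 8000 }"       # sample port a streaming server might listen on

# ALTQ: one priority scheduler on the external interface with two queues.
# Traffic that no rule assigns to a queue lands in the default queue (std).
altq on $ext_if priq bandwidth 2Mb queue { std, bulk }
queue std  priority 7 priq(default)
queue bulk priority 1

# "quick" stops rule evaluation at the first match. Without it pf applies
# the LAST matching rule, and the pass rules below would override this block.
block drop out quick on $ext_if proto { tcp udp } to any port $blocked_ports

# Everything else may leave, statefully, in the default queue.
pass out on $ext_if keep state queue std

# Same traffic class selected purely by destination port, any address:
# still allowed, but sent through the low-priority queue.
pass out on $ext_if proto tcp to any port $slow_ports keep state queue bulk
```

Check the syntax with `pfctl -n -f /etc/pf.conf` before loading; ALTQ needs kernel support on FreeBSD. Port matching sees only packet headers, so a stream served over port 80 is indistinguishable from ordinary http to these rules.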