From owner-freebsd-pf@FreeBSD.ORG Thu Jul 14 18:46:25 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 069D416A41C for ; Thu, 14 Jul 2005 18:46:25 +0000 (GMT) (envelope-from alex-bsd@yandex.ru) Received: from camay.yandex.ru (camay.yandex.ru [213.180.200.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C1DD43D45 for ; Thu, 14 Jul 2005 18:46:24 +0000 (GMT) (envelope-from alex-bsd@yandex.ru) Received: from YAMAIL (camay.yandex.ru) by mail.yandex.ru id ; Thu, 14 Jul 2005 22:46:20 +0400 Date: Thu, 14 Jul 2005 22:46:20 +0400 (MSD) From: "alex-bsd" Sender: alex-bsd@yandex.ru Message-Id: <42D6B2FC.000001.25118@camay.yandex.ru> MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] Errors-To: alex-bsd@yandex.ru To: daniel@benzedrine.cx In-Reply-To: <20050713084351.GA20314@insomnia.benzedrine.cx> References: <42D102E0.000001.03838@ariel.yandex.ru> <20050713084351.GA20314@insomnia.benzedrine.cx> X-Source-Ip: 83.237.105.78 Content-Type: text/plain; charset="KOI8-R" Content-Transfer-Encoding: 8bit Cc: freebsd-pf@freebsd.org Subject: Re: PF & BLOCK MP3 (AVI) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: alex-bsd@yandex.ru List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2005 18:46:25 -0000 Hello Daniel, Most likely, we not absolutely understand each other. I would be very glad if there was an opportunity to add in PF feature which possesses IPTABLES. On a gateway for a local network in rules of firewall it is possible to add a following line: -A FORWARD -s 192.168.x.x -p tcp -m string --string ".mp3" -j DROP If the internal client of this network requests a resource with name containing ".mp3" he will not receive the answer (www.mp3.com, www.music.com/Mozart.mp3, etc.). Accordingly similar is possible to make with words "porno" "avi" and etc. I do not consider that it is 100 % protection against uploading by users mp3 files. Certainly, there are ways for detour of similar interdictions created both by proxy-servers and by firewall. However in most cases this rule will be enough. I do not see sense in the bet offered by you as there is a talk a little about other! Certainly, clever and talented person as you are will find a way to bypass interdiction!!! P.S. If for any reasons, it is not possible to do so, “c'est la vie” Best regards Alex