Date: Fri, 11 Nov 2005 18:14:27 +0100 (CET)
Message-Id: <200511111714.jABHERRs071823@lurza.secnetix.de>
From: Oliver Fromme
To: freebsd-ipfw@FreeBSD.ORG
In-Reply-To: <002301c5e617$fe751750$46bb1ec9@ironman>
Subject: Re: String Match
List-Id: IPFW Technical Discussions

Cesar wrote:
> It's not a bad idea since I see a lot of people searching for P2P traffic
> control/shaper.
>
> I'm operating an ISP with 3000 broadband users ... And yes. I can call them
> untrusted, but this is not the point.

In that case I'm thankful that I'm not your customer.
My DSL provider does not restrict or limit traffic
arbitrarily. If he did, I would cancel the contract
and go to a different provider.
(Note that I'm not using any P2P applications myself.)

> I tried a Linux-based system ( Mikrotik ) to limit P2P and it matched almost
> 100% of P2P traffic ... And as I know, ipfw can't do this.

It is not IPFW's job. This does not belong in the packet
filter in the kernel. Linux has a lot of crazy things,
such as an in-kernel HTTP server, but that doesn't mean that
FreeBSD has to follow it.

As Max pointed out, you can achieve the same in various
ways (divert, bpf, pfil, netgraph), which are much better
suited for that job.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

Passwords are like underwear. You don't share them, you don't hang
them on your monitor or under your keyboard, you don't email them,
or put them on a web site, and you must change them very often.