Date:      Tue, 30 Aug 2005 15:50:47 -0400
From:      Charles Swiger <cswiger@mac.com>
To:        dandee@volny.cz
Cc:        freebsd-current@freebsd.org
Subject:   Re: Application layer firewall on FreeBSD, is it possible ?
Message-ID:  <8DC722F7-1946-4CE3-B4B9-A6F8624CE9A3@mac.com>
In-Reply-To: <20050830185851.ECF554E704@pipa.profix.cz>
References:  <20050830185851.ECF554E704@pipa.profix.cz>


On Aug 30, 2005, at 2:58 PM, Daniel Dvořák wrote:
> let me ask you for task "how to control p2p applications and their traffic
> with dynamic ports from user's computers on gateway".
>
> We are small wireless community and have shared access to internet for all
> members. Core members decided to control p2p traffic by default and to allow
> each person in individual way, after showing their knowledge of authorial law. :)
>
> But since many dc hubs, edonkey servers, bittorrent web trackers and so on
> use dynamic not standard ports, how to control it ?

Start with a "deny all" policy, and use L7 proxies like squid for the  
specific protocols like HTTP which you want to permit.  If you're  
really serious about controlling the traffic, don't let your router  
talk to anything but your proxy server in order to be certain that  
the client machines have to go through that.

-- 
-Chuck
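
The policy described in the reply above, written out as a gateway `pf.conf`. This is an added example, not part of the original message and not its author's configuration. It assumes FreeBSD's pf with separate `nat` rules and a dedicated squid host on the internal network that members' browsers are configured to use; the interface names, addresses and port list are placeholders.

```pf
# Added example. All values below are constructed placeholders.
ext_if    = "em0"             # uplink to the Internet (assumed name)
int_if    = "em1"             # side facing the community network (assumed name)
proxy     = "192.168.10.2"    # dedicated host running squid (assumed address)
proxy_out = "{ 80, 443 }"     # ports squid itself may connect to

set skip on lo0

# Translate only the proxy. Member machines get no NAT mapping at all.
nat on $ext_if inet from $proxy to any -> ($ext_if)

# Default deny: anything not explicitly passed below is dropped and logged,
# whatever port a P2P client happens to pick.
block log all

# The proxy may resolve names and fetch web content on behalf of members.
# Members do not need DNS through the gateway: squid resolves for them.
pass in on $int_if inet proto { tcp, udp } from $proxy to any port 53 \
    tag PROXY keep state
pass in on $int_if inet proto tcp from $proxy to any port $proxy_out \
    tag PROXY flags S/SA keep state

# Only connections tagged above may leave through the uplink.
pass out on $ext_if tagged PROXY keep state

# Management access to the gateway itself (for example ssh from an admin
# host) is not shown and would need its own explicit pass rule.
```

Because the only `pass in` rules match the proxy's source address, a member machine that tries a direct connection on any port hits `block log all`, and the attempt shows up on `pflog0` for review.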
