From: phoemix@harmless.hu (Gergely CZUCZY)
To: beno
Cc: freebsd-pf@freebsd.org
Date: Sat, 12 Aug 2006 17:06:03 +0200
Subject: Re: How Tag/Mark Up Media Packets?
Message-ID: <20060812150603.GA16529@marvin.harmless.hu>
In-Reply-To: <44DDECDB.1070806@2012.vi>

On Sat, Aug 12, 2006 at 10:59:39AM -0400, beno wrote:
> Hi;
> Is it possible to define packets according to the media type (pdf, mp3)
> that they request/send?

that requires an application-level firewall. think of a keepalive HTTP request. the items sent back are the following: the html page, 3 images, an mp3 music theme for the site, 5 flash animations, and a pdf at last. there are multiple contents in a single connection. even a single tcp packet could share two or more types of content. think of it...

pf itself is a packet-level firewall. any application-level extensions are in the userland, like the ftp-proxy.

> Also, what does *ssh* mean here? I would have expected a macro or a port
> number:
> pass out on fxp0 from any to any port 22 queue ssh

ssh means 22/tcp, mostly. i would add proto tcp...

Bye,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu
PGP: http://phoemix.harmless.hu/phoemix.pgp

Weenies test. Geniuses solve problems that arise.
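The reply's point about one keep-alive connection carrying several content types, shown as an added example that is not part of the original message. The three responses are constructed with dummy bodies, the 100-byte segment size is an arbitrary assumption, and the function names are hypothetical.

```python
# Constructed sample: three HTTP/1.1 responses sent back-to-back on one
# keep-alive connection (bodies are dummy bytes, not real media).
def response(ctype: str, body: bytes) -> bytes:
    head = (f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body

STREAM = (response("text/html", b"<html>" + b"x" * 40 + b"</html>")
          + response("audio/mpeg", b"\xff\xfb" + b"\x00" * 90)
          + response("application/pdf", b"%PDF-1.4" + b"y" * 70))

def message_spans(stream: bytes):
    """Application-level view: parse headers to find each response's
    (content_type, start, end) byte range within the TCP stream."""
    spans, pos = [], 0
    while pos < len(stream):
        head_end = stream.index(b"\r\n\r\n", pos) + 4
        headers = {}
        for line in stream[pos:head_end].split(b"\r\n")[1:]:
            if b":" in line:
                key, value = line.split(b":", 1)
                headers[key.strip().lower()] = value.strip()
        end = head_end + int(headers[b"content-length"])
        spans.append((headers[b"content-type"].decode(), pos, end))
        pos = end
    return spans

def types_per_segment(stream: bytes, mss: int):
    """Packet-level view: cut the stream into mss-sized segments and list
    which responses' bytes each segment carries."""
    spans = message_spans(stream)
    out = []
    for off in range(0, len(stream), mss):
        seg_end = min(off + mss, len(stream))
        out.append([t for t, s, e in spans if s < seg_end and e > off])
    return out

if __name__ == "__main__":
    for i, types in enumerate(types_per_segment(STREAM, mss=100)):
        print(f"segment {i}: {types}")
```

Segments 1 and 2 each carry bytes of two different media types, and the last segment carries PDF body bytes with no header in it, so a per-packet rule has nothing to match on without reassembling and parsing the stream in userland.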