From owner-freebsd-current@FreeBSD.ORG Wed Aug 31 13:12:20 2005
Date: Wed, 31 Aug 2005 15:12:35 +0200
From: Jeremie Le Hen
To: Stay d
Cc: freebsd-current@freebsd.org
Subject: Re: Application layer firewall on FreeBSD, is it possible ?
Message-ID: <20050831131235.GG659@obiwan.tataz.chchile.org>
References: <20050830161001.343DD4E704@pipa.profix.cz>
In-Reply-To: <20050830161001.343DD4E704@pipa.profix.cz>
List-Id: Discussions about the use of FreeBSD-current

Hi,

[ this is not the correct list to ask this kind of question, please use -net@ ]

> let me ask you for task "how to control p2p applications and their traffic
> with dynamic ports from user's computers on gateway".
>
> We are small wireless community and have shared access to internet for all
> members. Core members decided to control p2p traffic by default and to allow
> each person in individual way,
> after showing their knowledge of authorial law. :)
>
> But since many dc hubs, edonkey servers, bittorrent web trackers and so on
> use dynamic not standard ports, how to control it ?
>
> Linux use l7-filter http://sourceforge.net/projects/l7-filter sourceforge
> freeware and, it is based on iptables, definition application protocols
> like ethereal project do.
>
> So, is there any way to do same application layer osi model firewall with
> FreeBSD gateway ?
>
> Of course, I tried to find on web, I have not been successful in searching
> so far.

No, this is not possible and not intended to be someday. See these
messages for answers :

http://lists.freebsd.org/pipermail/freebsd-pf/2005-July/001227.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-July/001262.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-July/001287.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-July/001288.html

And this thread :

http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-March/thread.html#996

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >