Alexandre DELAY wrote:
I am looking for an efficient way to filter different protocols, such as
edonkey or BEEP.  For the moment, I think that ipfw doesn't support it.

Sure it does. Start with "deny all" [1] and then add the minimum required open ports, preferably only for a proxy server that the clients are required to use for all outside access. Specifically, look at and combine the closed and simple firewall types in /etc/rc.firewall.

You might also try to use bandwidth shaping to prioritize P2P behind more useful traffic like VOIP.

Don't you think that it would be a nice thing to be able to include such
"filters" from, for example, ethereal?
Ethereal supports more than 34k different protocols. It would be nice to be
able to choose from those filters and to apply some rules according to those
filters.

You're talking about a reactive IDS. You can rig them up using scripts which monitor logfiles, or something like /usr/ports/security/snort.

However, I prefer to use IDS for traffic I permit but want to monitor, not traffic I already know I want to block.

--
-Chuck

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
