On 10:24 Wed 23 Jul , Craig Main wrote: > Is there a firewall solution that can block traffic based on file type, > and I am also looking for a solution to get stats for type of traffic > traversing a firewall (ie: smtp, pop, imap, http....etc)
With snort-inline you have a new iptables target "QUEUE" which passes packets to the IDS snort. Here you can define rules based on the content of the stream and block (and log) unwanted packets. Snort and snort-inline are often used in a honeynet environment. -- [EMAIL PROTECTED] mailing list