yeah it is overkill for basic fw requirements. i'd settle with PFSense for less hassle, speedy deployments but granted it's not a linux distro. Untangle fits the bill as well.
Pero kung gusto ka magpractice IOS-style commands, Vyatta is a pretty close mimic :D for simulation purposes. On Tue, Nov 10, 2009 at 12:13 AM, Jorge T. Monzor III <[email protected]>wrote: > @hardwyrd > That's overkill, but very nice. :) > > @Jess Pepito > Packet filter should work on allowing or disallowing (block or > pass) torrent traffic since it's using Layer 3 (IP, ipv4 & ipv6) and > Layer 4 (TCP,UDP and ICMP) when inspecting packets. > > Take note that filter rules are in sequential order (first to > last), meaning the last rule to match will dictate what action (block > or pass) on the packet. > > For a linux router, ill take on hardwyrd's list, vyatta is > very promising and can match to cisco firewall ios. > > Thanks, > Jorge T. Monzor III > > > On Sat, 7 Nov 2009 23:08:51 +0800 > hard wyrd <[email protected]> wrote: > > > On PFSense, filter the torrent search engines, then enable traffic > > shaping and then add traffic shaping rules for torrents. In our case > > we gave 1% of the bandwidth to torrents. Traffic Shaper on PFSense is > > a very good friend. We've done wonders using it in putting wayward > > usage in proper order. > > > > We also created groups for torrent search engines, created blocking > > rules on the WAN side to block access to torrent search engines. > > > > Hope these clues help. > > > > On Sat, Nov 7, 2009 at 5:58 PM, Jess Pepito <[email protected]> > > wrote: > > > > > Salamat sa mga tubag ninyo, akong gi testingan sa una ang PFSENSE > > > pero ang problema kai dili ga ka filter ang mga torrent, anyway > > > aggree ko inyong mga tubag nga mag gamit og SQUID og router nga > > > DUAL ang WAN, pero mas ganahan ko kung ang akong router PC running > > > Linux distro. > > > > > > Daghan salamat sa inyong mga tubag! > > > > > > > > > > > > ------------------------------ > > > *From:* hard wyrd <[email protected]> > > > *To:* Kagay-Anon Linux Users' Group (KLUG) Mailing List < > > > [email protected]> > > > *Sent:* Sat, November 7, 2009 9:07:12 AM > > > *Subject:* Re: [klug] HOW TO CREATE RULES USING IPTABLES > > > > > > My take is on this is that : > > > > > > 1. I dont think you can filter TLDs (top level domains) using > > > IPTABLES. 2. some (or a lot) of websites share the same IP address > > > and it might be that the rules might alienate your users more so > > > than protecting them. 3. use a dual-WAN router with load balancing > > > enabled. There are linux distros that you can use for that specific > > > purpose - take Vyatta for example. Or if you want you can go > > > PFSense if you wont mind using a BSD-based distro. > > > 4. Use squid for filtering URLs. > > > > > > Well, I may not be right on all points. However, I believe it's > > > still a step in the right direction. > > > > > > > > > > > > On Sat, Nov 7, 2009 at 7:58 AM, Jess Pepito <[email protected]> > > > wrote: > > > > > >> Kumusta sa tanan!!! > > >> > > >> Patabang unta ko og create og IPTABLES RULES nga mo filter og > > >> website nga ma access of workstation nga maka access sa internet > > >> nga naay load balancing sa 2 ka internet provider ani akong gusto > > >> mahitabo. > > >> > > >> Load Balancing: > > >> ETH0 = Internet (Globle) > > >> ETH1 = Internet (Smart Bro) > > >> > > >> ETH2 = LAN (192.168.1.1) > > >> > > >> Workstation (IP 192.168.1.X) > > >> > > >> Filter nga site: > > >> 1. Porn Site > > >> 2. Torrent Site > > >> 3. Chat > > >> > > >> Kung naa moy suggestion ani palihug lang og comment dinhi og kung > > >> si kinsa man ang maka hatag og idea og unsaon nako with tutorial > > >> or sample iptables rules.. mag pasalamat ko daan!! > > >> > > >> SALAMAT!!! > > >> > > >> > > >> > > >> > > >> > > > > > > > > > -- > > > Penguin, penguin, and more penguin. > > > > > > Believe that within the brain is a brain, and within it another > > > brain, and so on and so forth. > > > > > > > > > _________________________________________________ > > > Kagay-Anon Linux Users' Group (KLUG) Mailing List > > > [email protected] > > > (http://lists.linux.org.ph/mailman/listinfo/klug) Searchable > > > Archives: http://archives.free.net.ph > > > > > > > > > > _________________________________________________ > Kagay-Anon Linux Users' Group (KLUG) Mailing List > [email protected] (http://lists.linux.org.ph/mailman/listinfo/klug) > Searchable Archives: http://archives.free.net.ph > -- Penguin, penguin, and more penguin. Believe that within the brain is a brain, and within it another brain, and so on and so forth.
_________________________________________________ Kagay-Anon Linux Users' Group (KLUG) Mailing List [email protected] (http://lists.linux.org.ph/mailman/listinfo/klug) Searchable Archives: http://archives.free.net.ph
