Looking to do something like an "overload" to add systems to a table but with a block filter and not a pass filter.
Basically, at one account, file-sharing software is prohibited. But since most systems are user owned and not corporate owned, plus the fact that many of them are portable notebooks, there is little control, outside of access privileges, to stop such nonsense. The popular products today seem to use ports 6346:6349. Maybe there's a possibility they do some port hopping beyond that. So the plan would be to block these ports (this is already being done), but then to add systems that attempt to use these ports to a table in order to completely block their net access. The users will then complain of connectivity issues and they can then be reminded that file sharing software is not allowed. Is there a way, like "overload", to have systems attempting to access blocked ports added to a table? An awkward construct like a pass filter followed by a block filter probably wouldn't work either because max-src-conn must be greater than 0 and the block filter would prevent any connections. Thanks. Chris