[pfSense Support] Filtering streaming - peer to peer - instant messaging
Hello,

I am about to answer a public tender and am looking for a reliable open-source filtering solution.

I need to filter layer 3 and 4 of TCP/IP stack (TCP and Application layer), especially for streams such as Peer to Peer - IM - Streaming - Virus.

I was wondering if pfSense could do this kind of packet inspection work and how (from my reading it looks like the answer is no). Maybe there are some third-party solutions that could be incorporated and used…

If not, I would be interested in a pointer to another open-source project with similar facilities. Any experience feedback is also very welcome.

Thanks for your support.

Gregober --- PGP ID -- 0x1BA3C2FD
bsd @at@ todoo.biz

Please consider your environmental responsibility before printing this e-mail

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Filtering streaming - peer to peer - instant messaging
Can't do layer 4 yet, but I read somewhere some work is being done on it, maybe in pfSense 2.0.

A sorta workaround could be forcing all the clients to use pfSense as their DNS. Then use opendns.org as your DNS resolver. This should prevent a lot of the torrent and other bad sites from resolving to anything.

Adam
Re: [pfSense Support] Filtering streaming - peer to peer - instant messaging
On Wed, Jul 15, 2009 at 8:48 AM, bsd <b...@todoo.biz> wrote:
> Hello, I am about to answer a public tender and am looking for a reliable open-source filtering solution.
> I need to filter layer 3 and 4 of TCP/IP stack (TCP and Application layer), especially for streams such as Peer to Peer - IM - Streaming - Virus.

You have your layers wrong. L3 (IPs) and L4 (protocol, TCP, UDP, GRE, ESP, etc.) are fully supported. I presume you mean higher layers, identifying what traffic is based on the actual payload rather than L3/4 header. 2.0 does have some application intelligence but that's not an option for immediate use. There aren't any similar open source options that do have that kind of functionality unless you build it yourself.
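Added example (not from any poster in this thread, nor from the pfSense or l7-filter projects): the difference described above between matching on the L3/4 header and identifying traffic from its payload, shown in Python. The signatures, port table and sample flows are constructed for illustration.

```python
import re

# Constructed payload signatures in the style of regex-based L7 classifiers
# (written for this example; not copied from any project's pattern set).
SIGNATURES = [
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("tls",        re.compile(rb"^\x16\x03[\x00-\x04]")),
    ("http",       re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("msn",        re.compile(rb"^VER \d+ MSNP\d+")),
]

# All an L3/L4 rule can go on: the destination port.
PORT_GUESS = {80: "http", 443: "tls", 1863: "msn", 6881: "bittorrent"}

def classify_l4(dst_port):
    return PORT_GUESS.get(dst_port, "unknown")

def classify_l7(payload):
    for name, pattern in SIGNATURES:
        if pattern.search(payload):
            return name
    return "unknown"

def audit(flows):
    """Return flows whose payload contradicts the port-based guess."""
    mismatches = []
    for flow in flows:
        by_port = classify_l4(flow["dst_port"])
        by_payload = classify_l7(flow["payload"])
        if by_payload != "unknown" and by_payload != by_port:
            mismatches.append((flow["src"], flow["dst_port"], by_port, by_payload))
    return mismatches

# Constructed sample flows: first bytes of each client-to-server stream.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst_port": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "192.0.2.11", "dst_port": 80,   # handshake + 48 zero bytes of filler
     "payload": b"\x13BitTorrent protocol" + bytes(48)},
    {"src": "192.0.2.12", "dst_port": 443, "payload": b"VER 1 MSNP8 CVR0\r\n"},
    {"src": "192.0.2.13", "dst_port": 443, "payload": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"},
]

if __name__ == "__main__":
    for m in audit(SAMPLE_FLOWS):
        print("%s -> port %d: port says %s, payload says %s" % m)
```

Payload signatures only see cleartext at the start of a stream, so anything wrapped in TLS classifies as `tls` regardless of what it carries.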
Re: Re: [pfSense Support] Filtering streaming - peer to peer - instant messaging
Not to take anything away from pfSense. Because pfSense rocks at layer 2 & 3. But you might look at IPCop w/ L7-filter.

http://l7-filter.sourceforge.net/
http://www.ipcop.org/index.php?module=pnWikka&tag=IPCopAddons

In fact we use pfSense with this very same add-on(s) (IPCop L7-Filter) at several clients to address this exact scenario.

HTH

--
David L. Strout
Engineering Systems Plus, LLC
RE: [pfSense Support] Filtering streaming - peer to peer - instant messaging
And again... not to take away from pfSense. But Untangle has some filtering. (I actually use pfSense for our firewall/VPN/routing etc... and Untangle for web/protocol filtering.)

As a firewall it is severely lacking, but is a half decent web/protocol filter - at least for those that are free.

www.untangle.com

-Tim