On 5/4/06, Pedro Paulo de Magalhaes Oliveira Junior <[EMAIL PROTECTED]> wrote:
> Hello, I'm thinking about developing an IPS for pfsense. Does anybody know how to kill a TCP connection or UDP connection in pf based on a string match?
For specific states, to use pf(4) to kill it you will need to add another ioctl - else the closest is to use the DIOCKILLSTATES ioctl that will kill all states to/from a given host or between a src/dest pair. Else, just send a RST with the appropriate sequence numbers (snort I believe has an option for this - or maybe that was an addon patch, don't recall).
> I know Bill was doing something in this direction but maybe I can help if he gives me some pointers.
I was mainly working on this for traffic shaping. I already have all the kernel and userland code complete to see what queue a given state is in. I haven't written anything yet to update that queue (that would require another ioctl - same one you'd need) as I've been sidetracked on other stuff and this wouldn't have ever made 1.0 anyway.

--Bill
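
The "appropriate sequence numbers" for the RST option mentioned in the reply, worked through as an added example (not code from this thread, from Snort, or from pfsense). It only computes the values an IPS sensor would need from the packet that matched; the `Segment`, `Reset` and `resets_for` names and the sample addresses are constructed for illustration, and it covers both a passive sensor and an inline one that drops the matching packet.

```python
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence numbers wrap at 2**32


@dataclass(frozen=True)
class Segment:
    """TCP fields the sensor reads from the packet that matched the string."""
    src: tuple          # (ip, port) of the sender
    dst: tuple          # (ip, port) of the receiver
    seq: int
    ack: int
    payload_len: int
    syn: bool = False
    fin: bool = False
    ack_flag: bool = True


@dataclass(frozen=True)
class Reset:
    src: tuple
    dst: tuple
    seq: int


def resets_for(seg, forwarded=True):
    """Return one RST per endpoint that each side's TCP stack will accept.

    forwarded=True  : passive sensor, the matching segment reaches the receiver.
    forwarded=False : inline sensor that dropped the matching segment.
    """
    # SYN and FIN each consume one sequence number on top of the payload.
    consumed = seg.payload_len + int(seg.syn) + int(seg.fin)
    # Receiver side: the RST must carry the receiver's RCV.NXT. That is the
    # end of this segment if it was delivered, or its start if it was dropped.
    rcv_nxt = seg.seq + (consumed if forwarded else 0)
    out = [Reset(seg.src, seg.dst, rcv_nxt % MOD)]
    # Sender side: its ACK field is the sequence number it expects next from
    # the peer. Without the ACK flag that field carries no information.
    if seg.ack_flag:
        out.append(Reset(seg.dst, seg.src, seg.ack % MOD))
    return out


# Constructed sample: a 32-byte request whose sequence number wraps around.
SAMPLE = Segment(("192.0.2.10", 40000), ("198.51.100.5", 80),
                 seq=0xFFFFFFF0, ack=1000, payload_len=32)
```

An exact match on RCV.NXT matters because stacks that implement RFC 5961 answer an in-window but inexact RST with a challenge ACK instead of closing the connection.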