Date: Tue, 30 Aug 2005 15:50:47 -0400
From: Charles Swiger <cswiger@mac.com>
To: dandee@volny.cz
Cc: freebsd-current@freebsd.org
Subject: Re: Application layer firewall on FreeBSD, is it possible ?
Message-ID: <8DC722F7-1946-4CE3-B4B9-A6F8624CE9A3@mac.com>
In-Reply-To: <20050830185851.ECF554E704@pipa.profix.cz>
References: <20050830185851.ECF554E704@pipa.profix.cz>

On Aug 30, 2005, at 2:58 PM, Daniel Dvořák wrote:

> let me ask you for task "how to control p2p applications and their traffic
> with dynamic ports from user's computers on gateway".
>
> We are small wireless community and have shared access to internet for all
> members. Core members decided to control p2p traffic by default and to allow
> each person in individual way, after showing their knowledge of authorial law. :)
>
> But since many dc hubs, edonkey servers, bittorrent web trackers and so on
> use dynamic not standard ports, how to control it ?

Start with a "deny all" policy, and use L7 proxies like squid for the
specific protocols like HTTP which you want to permit. If you're
really serious about controlling the traffic, don't let your router
talk to anything but your proxy server in order to be certain that
the client machines have to go through that.

-- 
-Chuck
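
The policy described in the reply above, written as a pf.conf for the gateway. This is an added example, not part of the original message; the interface names, the proxy address 10.0.0.2 and the choice of pf as the packet filter are assumptions.

```pf
# Gateway pf.conf: default deny, only the squid host may reach the Internet.
# All names and addresses below are constructed placeholders.
ext_if = "em0"          # assumed uplink interface
int_if = "em1"          # assumed interface facing the wireless clients
proxy  = "10.0.0.2"     # assumed address of the host running squid

set skip on lo0

# Translate only the proxy's traffic; no other inside host gets a NAT mapping.
nat on $ext_if from $proxy to any -> ($ext_if)

# Default deny in both directions. Logging makes blocked attempts
# (for example P2P clients trying arbitrary ports) visible on pflog0.
block log all

# The proxy is the only inside source the gateway forwards, and only for
# the protocols being permitted: HTTP, HTTPS and the DNS lookups squid needs.
pass in  on $int_if proto tcp          from $proxy to any port { 80, 443 } keep state
pass in  on $int_if proto { tcp, udp } from $proxy to any port 53          keep state

# Matching outbound rules; the source is already translated to the
# external address when these rules are evaluated.
pass out on $ext_if proto tcp          from ($ext_if) to any port { 80, 443 } keep state
pass out on $ext_if proto { tcp, udp } from ($ext_if) to any port 53          keep state
```

Clients reach squid directly on the internal network and never need a rule of their own on the gateway, so anything that does not speak HTTP through the proxy is dropped regardless of which port it picks.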