Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 24 Jun 2010 14:51:00 +1000
From:      "John Lists Tate" <john-lists@johntate.org>
To:        "'Michael Proto'" <mike@jellydonut.org>, "'Peter Maxwell'" <peter@allicient.co.uk>
Cc:        freebsd-pf@freebsd.org
Subject:   RE: can pf block a string ? or better, to limit it ?
Message-ID:  <010101cb1358$d92b3b50$8b81b1f0$@org>
In-Reply-To: <AANLkTilBWj_tA7-ECbzKLz3hkZDPwo6HmBWnRe-yiS_K@mail.gmail.com>
References:  <AANLkTima26GreX5jtmdJiR2FbNiB5O4ixN92oqxktTmb@mail.gmail.com>	<7114830758496124649@unknownmsgid>	<AANLkTimN_9x-cQiF12bQdIjtHa7BjM6kMoEfsjcjcKLH@mail.gmail.com>	<AANLkTinCwonuSkfbLIWfHYW53jyIC4zWNxReA4Fmn5Kh@mail.gmail.com> <AANLkTilBWj_tA7-ECbzKLz3hkZDPwo6HmBWnRe-yiS_K@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
This or writing a squid redirector are probably the best way to go about =
it.
You can just redirect everything through a program with pf in any case =
and
give that program the real work.

John Tate.

-----Original Message-----
From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] =
On
Behalf Of Michael Proto
Sent: Thursday, June 24, 2010 7:11 AM
To: Peter Maxwell
Cc: freebsd-pf@freebsd.org
Subject: Re: can pf block a string ? or better, to limit it ?

On Wed, Jun 23, 2010 at 4:15 PM, Peter Maxwell <peter@allicient.co.uk>
wrote:
> Hmmm, off the top of my head: I wonder if you could use Snort and have
that
> do full packet inspection for you. =A0Then you should be able to =
script an
> alert if the string is found and call pfctl to add the offending IP
address
> to a table that blackholes it. =A0Just a thought.
>
> Or if you want to do it "properly", I'm sure you could code something
along
> the lines of a kernel module.
>

What about proxying the connection with nstreams?

http://www.freshports.org/net-mgmt/nstreams



-Proto
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010101cb1358$d92b3b50$8b81b1f0$>