From: "John Lists Tate"
To: "'Michael Proto'", "'Peter Maxwell'"
Cc: freebsd-pf@freebsd.org
Date: Thu, 24 Jun 2010 14:51:00 +1000
Subject: RE: can pf block a string ? or better, to limit it ?

This or writing a squid redirector are probably the best way to go about it.
You can just redirect everything through a program with pf in any case and
give that program the real work.

John Tate.

-----Original Message-----
From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Michael Proto
Sent: Thursday, June 24, 2010 7:11 AM
To: Peter Maxwell
Cc: freebsd-pf@freebsd.org
Subject: Re: can pf block a string ? or better, to limit it ?

On Wed, Jun 23, 2010 at 4:15 PM, Peter Maxwell wrote:
> Hmmm, off the top of my head: I wonder if you could use Snort and have that
> do full packet inspection for you. Then you should be able to script an
> alert if the string is found and call pfctl to add the offending IP address
> to a table that blackholes it. Just a thought.
>
> Or if you want to do it "properly", I'm sure you could code something along
> the lines of a kernel module.
>

What about proxying the connection with nstreams?

http://www.freshports.org/net-mgmt/nstreams

-Proto
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
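
Added example, not part of the original thread: one way to implement the Snort-to-pfctl idea from the quoted message, reading Snort alert lines and building the "pfctl -t <table> -T add <ip>" commands for the offending sources. The table name, the rule SID, the alert_fast line format, the never-block network and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
import subprocess

# Assumed names (not from the thread): pf table "blackhole", Snort rule
# SID 1000001, and Snort's alert_fast line format. pf.conf would need:
#   table <blackhole> persist
#   block drop in quick from <blackhole>
TABLE = "blackhole"
WATCHED_SID = "1000001"
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]  # constructed mgmt net

ALERT_RE = re.compile(
    r"\[\d+:(?P<sid>\d+):\d+\].*\{(?:TCP|UDP)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

# Constructed sample alert lines (not real traffic).
_FMT = ("06/23-21:51:16.000001  [**] [1:%s:1] LOCAL string match [**] "
        "[Priority: 1] {TCP} %s -> 198.51.100.10:80")
SAMPLE = [_FMT % pair for pair in [
    ("1000001", "203.0.113.20:40000"),
    ("1000001", "203.0.113.7:51234"),
    ("1000001", "203.0.113.7:51240"),   # repeat offender: deduplicated
    ("1000002", "203.0.113.9:51000"),   # other rule: ignored
    ("1000001", "192.0.2.15:51000"),    # management network: never blocked
    ("1000001", "999.1.1.1:51000"),     # malformed address: rejected
]]

def offenders(lines):
    """Return sorted source IPs that triggered the watched rule."""
    found = set()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or m.group("sid") != WATCHED_SID:
            continue
        try:
            ip = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # log text is untrusted: never pass it on unvalidated
        if not any(ip in net for net in NEVER_BLOCK):
            found.add(ip)
    return [str(ip) for ip in sorted(found)]

def block(lines, dry_run=True):
    """Build (and, if not dry_run, execute) one pfctl argv per offender."""
    cmds = [["pfctl", "-t", TABLE, "-T", "add", ip] for ip in offenders(lines)]
    if not dry_run:
        for argv in cmds:
            subprocess.run(argv, check=True)  # argv list, no shell; needs root
    return cmds
```

Called as block(SAMPLE) it only returns the commands; pass dry_run=False on the pf host to apply them.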