Date:      Fri, 17 Jun 2005 15:58:24 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        "Alexandre D." <alexandre.delay@free.fr>
Cc:        freebsd-ipfw@freebsd.org, Gilberto Villani Brito <linux@giboia.org>
Subject:   Re: Pipes.
Message-ID:  <42B32B60.5060208@mac.com>
In-Reply-To: <MAEBLPAGHGPMOKCBICBNMEDJCGAA.alexandre.delay@free.fr>
References:  <MAEBLPAGHGPMOKCBICBNMEDJCGAA.alexandre.delay@free.fr>

Alexandre D. wrote:
> The answer is not so easy.
> P2P is not only based on port numbers.
> The P2P detection is quite difficult, and maybe impossible.

Not at all.  Start with "deny all", and only allow stuff through which you 
really need to allow.  Blocking all outbound client traffic and requiring them 
to go through a proxy on the LAN is adequate.

> My own position is that ipfw is not able to block P2P

Besides, the word was "control".  You can shunt all high-priority stuff (NTP, 
DNS, ICMP) into one queue, and put HTTP, FTP, 6667, etc. on a low-priority queue 
via dummynet, and/or adjust the permitted bandwidth.

-- 
-Chuck
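
As an added example (not part of Chuck's message and not the ipfw project's own code), here is an ipfw/dummynet ruleset implementing the approach he describes: default deny, a LAN proxy as the only path out for bulk traffic, and two weighted queues sharing one bandwidth-limited pipe. The interface names, addresses, proxy address and uplink rate are assumed placeholders; it also assumes net.inet.ip.fw.one_pass=1 (the default) so that a queued packet is accepted rather than re-evaluated.

```shell
#!/bin/sh
# Added example: ipfw + dummynet ruleset for "deny all, then prioritise the rest".
# Assumptions (placeholders, not from the thread): uplink on em0,
# LAN net 192.168.1.0/24, HTTP proxy at 192.168.1.10, 2 Mbit/s uplink.
EXT_IF="${EXT_IF:-em0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PROXY="${PROXY:-192.168.1.10}"
UPLINK_KBIT="${UPLINK_KBIT:-2000}"

# Emit the ruleset as text so it can be reviewed before it is loaded.
build_rules() {
    cat <<EOF
flush
# One pipe models the uplink; two WF2Q+ queues share it by weight (1-100).
pipe 1 config bw ${UPLINK_KBIT}Kbit/s
# queue 1: NTP, DNS, ICMP get 90% of the pipe under contention.
queue 1 config pipe 1 weight 90
# queue 2: bulk traffic (HTTP, FTP, IRC) gets the remaining 10%.
queue 2 config pipe 1 weight 10
# Replies to connections already permitted by a keep-state rule.
add 100 check-state
# High-priority control traffic; with one_pass=1 the queue action also permits it.
add 200 queue 1 udp from ${LAN_NET} to any 53,123 out xmit ${EXT_IF} keep-state
add 210 queue 1 icmp from any to any icmptypes 0,3,8,11
# Only the proxy may open HTTP/FTP/IRC connections to the outside
# (passive FTP data channels still need a proxy-side helper).
add 300 queue 2 tcp from ${PROXY} to any 21,80,443,6667 out xmit ${EXT_IF} setup keep-state
# Any other outbound flow from the LAN is dropped and logged, whatever port it uses.
add 400 deny log ip from ${LAN_NET} to any out xmit ${EXT_IF}
add 65000 deny ip from any to any
EOF
}

# Load the ruleset (needs root on FreeBSD with dummynet loaded).
apply_rules() {
    build_rules | ipfw -q /dev/stdin
}

# Dry run by default; APPLY=1 loads the rules into the running firewall.
if [ "${APPLY:-0}" = "1" ]; then apply_rules; else build_rules; fi
```

Check the dry-run output with `ipfw -n /dev/stdin` style review before applying, since a mistake in rule 400 can cut the firewall host off from the LAN.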