Date: Tue, 30 Aug 2005 17:44:12 -0700 (PDT)
From: Jon Dama <jd@ugcs.caltech.edu>
To: dandee@volny.cz
Cc: freebsd-current@freebsd.org
Subject: RE: Application layer firewall on FreeBSD, is it possible ?
Message-ID: <Pine.LNX.4.53.0508301741230.20467@riyal.ugcs.caltech.edu>
In-Reply-To: <20050831001504.B6E984E704@pipa.profix.cz>
References: <20050831001504.B6E984E704@pipa.profix.cz>

I do not think this is possible with an existing "shrink-wrapped"
solution. Though, one would expect that it would be a relatively trivial
matter to make a userland application from the Linux application filter
and then use the tun/tap(4) driver.

-Jon

On Wed, 31 Aug 2005, Daniel Dvořák wrote:

> Okay, thank you for advice. Maybe I did not understand fully but ...
>
> ... but you know, proxy is not what I am asking, proxy is not firewall.
>
> We do not need to restrict everything and all members.
>
> We like full routable network with full access to IPv6 / IPv4 internet
> without any necessary action like configure proxy clients at all pc´s our
> members.
>
> We only want to deny only p2p applications by default for all pc´s
> regardless of used protocol/ports and to allow granting access to p2p
> networks each members in individual way, because we have to prevent another
> letter from our ISP which was contacted by BSA that from our public IP (
> from one member in private ip space ) ... traffic ... share ... violate ...
> authorial law.
>
> So of course it must be combination of IP and application osi model
> firewall.
>
> Gateway server should check all packets and their contents to decide if
> allowed or denied in fast way like l7-filter on Linux OS.
>
> So is it possible on FreeBSD OS ?
>
> Thanks
>
> Since my question here is not right like somebody told me, this is last
> e-mail in this mailing list for this theme, and I send it to
> freebsd-question, freebsd-ipfw and freebsd-pf mailing lists.
>
> Dan
>
> -----Original Message-----
> From: owner-freebsd-current@freebsd.org
> [mailto:owner-freebsd-current@freebsd.org] On Behalf Of Charles Swiger
> Sent: Tuesday, August 30, 2005 9:51 PM
> To: dandee@volny.cz
> Cc: freebsd-current@freebsd.org
> Subject: Re: Application layer firewall on FreeBSD, is it possible ?
>
> On Aug 30, 2005, at 2:58 PM, Daniel Dvořák wrote:
> > let me ask you for task "how to control p2p applications and their
> > traffic with dynamic ports from user´s computers on gateway".
> >
> > We are small wireless community and have shared access to internet for
> > all members. Core members decided to control p2p traffic by default
> > and to allow each person in individual way, after showing their
> > knowledge of authorial law. :)
> >
> > But since many dc hubs, edonkey servers, bittorrents web trackers and
> > so on use dynamic not standard ports, how to control it ?
>
> Start with a "deny all" policy, and use L7 proxies like squid for the
> specific protocols like HTTP which you want to permit. If you're really
> serious about controlling the traffic, don't let your router talk to
> anything but your proxy server in order to be certain that the client
> machines have to go through that.
>
> --
> -Chuck
>
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
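
The payload-based policy asked for in the thread (deny P2P by default whatever the port, exempt individual members), as an added example that is not part of the thread and is not l7-filter's code. The `L7Filter` class, the simplified signatures and the addresses are assumptions made for illustration; reading packets from tun/tap(4) is left out.

```python
import re
from dataclasses import dataclass, field

# Simplified signatures written for this example (assumptions, not l7-filter's
# pattern files). re.match anchors each at the first payload byte of a direction.
SIGNATURES = {
    "bittorrent": re.compile(rb"\x13BitTorrent protocol"),       # peer handshake
    "directconnect": re.compile(rb"\$(Lock|MyNick|Supports) "),  # NMDC commands
    "edonkey": re.compile(rb"\xe3.{4}\x01", re.DOTALL),          # header + hello opcode
}

@dataclass
class L7Filter:
    p2p_allowed: set                  # member IPs individually granted P2P
    max_inspect: int = 64             # leading bytes kept per direction
    flows: dict = field(default_factory=dict)

    def verdict(self, src, sport, dst, dport, payload):
        """Return (action, protocol) for one TCP segment. Ports only identify
        the connection; they play no role in classification."""
        ends = tuple(sorted([(src, sport), (dst, dport)]))
        flow = self.flows.setdefault(ends, {"label": None, "buf": {}})
        if flow["label"] is None:
            # Reassemble the start of this direction: a handshake may be
            # split across segments, so match on the accumulated prefix.
            buf = (flow["buf"].get((src, sport), b"") + payload)[: self.max_inspect]
            flow["buf"][(src, sport)] = buf
            for name, sig in SIGNATURES.items():
                if sig.match(buf):
                    flow["label"] = name   # the label now sticks to the flow
                    break
        label = flow["label"]
        if label and not ({src, dst} & self.p2p_allowed):
            return ("deny", label)        # P2P is denied by default
        return ("allow", label)           # non-P2P, or an exempted member


if __name__ == "__main__":
    fw = L7Filter(p2p_allowed={"10.0.0.7"})        # constructed addresses
    hs = b"\x13BitTorrent protocol" + bytes(48)    # constructed handshake
    print(fw.verdict("10.0.0.5", 40000, "192.0.2.9", 80, hs))
    print(fw.verdict("10.0.0.7", 40001, "192.0.2.9", 80, hs))
    print(fw.verdict("10.0.0.5", 40002, "192.0.2.9", 6881, b"GET / HTTP/1.1\r\n"))
```

Segments seen before a signature completes are passed, and a handshake that is encrypted or obfuscated never matches, so a filter of this kind classifies only protocols that identify themselves in cleartext.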