Regarding string matching for iptables... it has been a while since my last use of this feature, but I strongly discourage you from using that extension!! It breaks the TCP handshaking, because it resets the connection before the final ACK. It could bring you to a DoS in a little time...
Sorry if something has changed in the code in the meantime...
Bye
On 2/28/06, Randy B <[EMAIL PROTECTED]> wrote:
I'll bite; I'm not entirely familiar with pf, so [some of] these may
be red herrings:
- match extensions: recent, mark, layer7, multiport
- target extensions: connmark, ulog, route, tarpit, TTL, mirror
(added back myself)
- string match & mangling are nice, but I don't use them [yet].
I must admit, I've not been using pfSense for a few weeks - stuck my
PIX-515 out front to mess with 7.11, but am beginning to give up on
figuring out a couple of things.
I've also entertained the idea of [when I get free time ;-)] sitting
down and trying to externalize the commands pfSense's GUI uses in an
attempt to make it multi-platform, if not with some wrappers. I just
don't have any time right now - if I know my own style, I figure some
BSD-specific stuff is tied pretty tightly in there.
On 2/27/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> On 2/27/06, Adam Gibson <[EMAIL PROTECTED]> wrote:
> > Gregory Machin wrote:
> > > Hi
> > > Please could you advise / confirm that the PHP interface and its
> > > associated code are under the BSD licence?
> > > As I would like to port it to Linux for use on my VPN servers ..
> >
> > If you get anywhere and are OK with releasing any part of the source,
> > let me know. There are some features of iptables that I would like to use.
> >
>
> like?
>
> --Bill
>
