Alexandre D. wrote:
The answer is not so easy. P2P is not only based on port numbers. The P2P detection is quite difficult, and maybe impossible.
Not at all. Start with "deny all", and only allow stuff through which you really need to allow. Blocking all outbound client traffic and requiring them to go through a proxy on the LAN is adequate.
My own position is that ipfw is not able to block P2P
Besides, the word was "control". You can shunt all high-priority stuff (NTP, DNS, ICMP) into one queue, and put HTTP, FTP, 6667, etc on a low-priority queue via dummynet, and/or adjust the permitted bandwidth.
-- -Chuck _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
