Re: String Match

Thu, 10 Nov 2005 09:07:50 -0800

Its not a bad ideia since I see a lot of people searching for P2P traffic control/shaper.
I'm operating an ISP with 3000 broadband users ... And yes. I can call they untrusted, but this is not the point. 


With ipfw I can do per IP traffic shaping, but what about if I can limit a 
IP in 256kbps and say that this IP will be able to use only 128Kbps for P2P 
traffic.
As I said, I do this nowadays creating rules based on P2P ports, as well as 
m0n0wall do. However it is not efficient as iptables is.



I tried a linux based system ( Mikrotik ) to limit P2P and it matched almost 
100% of P2P traffic ... And as I know, ipfw can't do this.


And maybe this kind of string match can become useful to other things.

Cesar


----- Original Message ----- 
From: "Oliver Fromme" <[EMAIL PROTECTED]>

To: <freebsd-ipfw@FreeBSD.ORG>
Sent: Thursday, November 10, 2005 12:55 PM
Subject: Re: String Match



Cesar <[EMAIL PROTECTED]> wrote:
>
> Sorry for my bad explanation ...
>

> I want to do with ipfw what the IPP2P (http://www.ipp2p.org) do, it use 
> a

> modification in linux kernel/iptables some kind of "string match" to
> identify P2P traffic.

Which is basically a bad idea, as I have explained in my
previous mail.


> Nowadays I use port based rules to limit P2P traffic, which is not a 
> good

> solution since most of P2P programs are using random ports.

May I ask why do you need to do that?  Are you operating
an internet router for untrusted users?

Best regards
  Oliver

--
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
       -- David Bradley, original IBM PC design team
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






















					Reply via email to