On 03 August 2007, at 10:31, Fai Cheng wrote:

> I don't think this is impossible. It depends on how you could configure the
> firewall. If you can block all traffic but allow only those you need. (e.g.
> to your partner site only, deny all outgoing traffic)

this is a good solution (technically speaking), but unless you're
working in a very tight security environment, you might prefer
education over extensive blocking.

> Modifying the DNS / hosts files is a tricky way, but it works.

as long as the user won't put his own hosts file on his system.

> But you have to know what is behind the host, e.g. they can use
> orkut.l.google.com instead of www.orkut.com. So the white list approach
> is easier to handle. (If you can)

sure.

> Of course a different proxy (e.g. running a proxy on port 80 or 443) is
> hard to block; in this case you need to monitor the traffic and see if any
> people go to a specific host with a large amount of traffic. So you may
> notice the problems.

not hard, just impossible (in a blacklist context), because there is
no way you can know every proxy/anonymizer. It's exactly the same as
fighting spam. You block something, the spammer will find his way in
again, you block it again, etc.

patpro
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
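
The traffic monitoring suggested in the thread, sketched as an added example that is not part of the original messages: it totals web-port bytes per destination outside a whitelist and reports the heavy ones. The flow-record format, addresses, whitelist and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: "src_ip dst_ip dst_port bytes". The format is an
# assumption for this example, not the output of any particular tool.
SAMPLE_FLOWS = """\
10.0.0.11 192.0.2.10 443 120000
10.0.0.11 203.0.113.50 443 48000000
10.0.0.12 192.0.2.10 80 90000
10.0.0.12 198.51.100.7 80 300000
10.0.0.11 203.0.113.50 443 52000000
10.0.0.13 203.0.113.50 80 61000000
10.0.0.13 198.51.100.7 80 bogus
"""

ALLOWED_DSTS = {"192.0.2.10"}   # hypothetical partner site (the whitelist)
WEB_PORTS = {80, 443}           # ports an unknown proxy can hide behind
THRESHOLD_BYTES = 50_000_000    # hypothetical per-destination alert level


def parse_flows(text):
    """Yield (src, dst, port, bytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield parts[0], parts[1], int(parts[2]), int(parts[3])
        except ValueError:
            continue


def heavy_unlisted_destinations(text, allowed=ALLOWED_DSTS,
                                threshold=THRESHOLD_BYTES):
    """Return {dst: {"bytes": total, "clients": [srcs]}} for destinations
    outside the whitelist whose web-port byte total meets the threshold."""
    totals = defaultdict(int)
    clients = defaultdict(set)
    for src, dst, port, nbytes in parse_flows(text):
        if port in WEB_PORTS and dst not in allowed:
            totals[dst] += nbytes
            clients[dst].add(src)
    return {dst: {"bytes": total, "clients": sorted(clients[dst])}
            for dst, total in totals.items() if total >= threshold}


if __name__ == "__main__":
    for dst, info in heavy_unlisted_destinations(SAMPLE_FLOWS).items():
        print(dst, info["bytes"], ",".join(info["clients"]))
```

No list of known proxies is needed: a destination is reported because it is not whitelisted and carries a large share of web traffic, whatever it turns out to be.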