> Recently it has come to our attention that bandwidth has become an issue
> with increased Spotify usage throughout the company. I'm looking for a way
> to block access to it in pf. The rule that I am trying is the following:
> 
> table <spotify> { 78.31.8.0/22, 193.182.8.0/21 }
> block return in quick on $int_if proto tcp from 192.168.1.0/24 to <spotify> port 4070
> 
> For whatever reason it is showing that the rule is working but not really
> working. Am I missing something?
> 

Yes, stop trying to plug a leak in a colander by using a match stick. 

Block by default by starting the policy with 

        block log all

And only allow routed egress to the specific sites and services which are 
directly related to a valid business requirement. 
Run all browser traffic through a proxy server to categorise and inspect the 
content, permitting internet access from the proxy to 80 and 443/tcp only. 


For a business that describes itself as 'advanced e-commerce' you guys should 
know this already, this is not rocket science. 

With an open door flapping in the breeze as suggested above, if I was to 
speculate, I would suggest that Spotify is the least problem you should worry 
about right now. 



 

 
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
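
The default-deny policy described in the reply, written out as a pf.conf sketch. This is an added example, not part of the thread: the interface names, the proxy and resolver addresses, the `<business>` table contents and the `EGRESS_OK` tag are all assumptions; only the LAN range comes from the question.

```pf
# Added example, not from the thread. Interfaces, hosts and the table
# contents are assumptions; the LAN range is the one in the question.
ext_if  = "em0"               # assumed Internet-facing interface
int_if  = "em1"               # assumed LAN-facing interface
lan_net = "192.168.1.0/24"
proxy   = "192.168.1.10"      # hypothetical web proxy on the LAN
dns     = "192.168.1.2"       # hypothetical internal resolver

# Destinations with a documented business need (documentation-range placeholders)
table <business> persist { 192.0.2.10, 198.51.100.0/24 }

set skip on lo0

# Translation rules come before filter rules
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Default deny; dropped packets are logged to pflog0
block log all

# Routed egress that is allowed in from the LAN, tagged for the outbound rule
pass in quick on $int_if inet proto tcp from $proxy to any port { 80, 443 } tag EGRESS_OK
pass in quick on $int_if inet proto { tcp, udp } from $dns to any port 53 tag EGRESS_OK
pass in quick on $int_if inet proto tcp from $lan_net to <business> port 443 tag EGRESS_OK

# After NAT the source is the firewall's address, so match on the tag instead
pass out quick on $ext_if inet tagged EGRESS_OK
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and watch what the default block drops with `tcpdump -n -e -ttt -i pflog0`.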
