gionnico wrote:
> This is my question: is it possible to block outgoing traffic and to
> allow only gtk-gnutella with a good SPI firewall (iptables), that
> doesn't know the application that generated it?

On the same machine, the packet filter can determine the application and the user of each outbound packet, so you could restrict it appropriately locally. A router does not have this information and you cannot filter outbound traffic just by looking at the port numbers without degrading service.

Outbound UDP traffic can be limited to the source port number that your peer uses. Outbound TCP traffic will either have the source port number of your peer or an anonymous source port number above 1023 (usually something above 32000).

-- 
1000 octets = 1 ko = 1 kilooctet; 1024 octets = 1 Kio = 1 kibioctet
1000^2 octets = 1 Mo = 1 megaoctet; 1024^2 octets = 1 Mio = 1 mebioctet
1000^3 octets = 1 Go = 1 gigaoctet; 1024^3 octets = 1 Gio = 1 gibioctet

_______________________________________________
gtk-gnutella-devel mailing list
gtk-gnutella-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel
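
The local filtering described in the reply above can be sketched as follows. This is an added example, not part of the original message and not gtk-gnutella project code. It assumes the peer runs under a dedicated account (here the hypothetical user `gnutella`) and listens on port 6346; both are placeholders to adjust.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the host that runs
# the peer. Assumptions (not from the original message): a dedicated
# account for gtk-gnutella and a known listening port.
# The owner match only sees locally generated packets (OUTPUT chain),
# which is why a separate router cannot apply the same restriction.

gen_rules() {
    user=$1
    port=$2

    # Refuse anything that is not a plain account name or a valid port,
    # so the generated ruleset cannot be malformed by bad arguments.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "invalid user: $user" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --sport $port -m owner --uid-owner $user -j ACCEPT
-A OUTPUT -p udp --dport 53 -m owner --uid-owner $user -j ACCEPT
-A OUTPUT -p tcp --syn -m owner --uid-owner $user -j ACCEPT
COMMIT
EOF
}

# Typical use, as root, checking the ruleset before loading it:
#   gen_rules gnutella 6346 | iptables-restore --test
```

The ESTABLISHED rule covers replies sent from the peer's listening port to inbound connections, the UDP rule pins outbound datagrams to that same source port, and the TCP rule lets the account open new connections from anonymous source ports. The port 53 rule is an added assumption that the peer resolves host names itself.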