IMHO this is the main disadvantage of FreeBSD and IPFW. Sure Linux has a better support on string match for IPS.
---------------------------------------------------------------------- Message: 1 Date: Wed, 9 Nov 2005 11:52:35 -0300 From: "Cesar" <[EMAIL PROTECTED]> Subject: String Match To: <freebsd-ipfw@freebsd.org> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original An interesting thing in iptables is that option to match strings, like this example: iptables -A FORWARD -p TCP -m string --string "BitTorrent protocol" -j REJECT --reject-with tcp-reset iptables -A FORWARD -p TCP -m string --string "GET /announce" -j REJECT --reject-with tcp-reset Did anyone wrote a similar patch to ipfw? or ... Is this something desirable to ipfw which the developers will put in the future? Thanks ------------------------------ -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.12.8/163 - Release Date: 8/11/2005 _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"