IMHO this is the main disadvantage of FreeBSD and IPFW.
Sure Linux has a better support on string match for IPS.
--
Message: 1
Date: Wed, 9 Nov 2005 11:52:35 -0300
From: Cesar [EMAIL PROTECTED]
Subject: String Match
To:
Sorry for my bad explanation ...
I want to do with ipfw what the IPP2P (http://www.ipp2p.org) do, it use a
modification in linux kernel/iptables some kind of string match to
identify P2P traffic.
Nowadays I use port based rules to limit P2P traffic, which is not a good
solution since most of
Its not a bad ideia since I see a lot of people searching for P2P traffic
control/shaper.
I'm operating an ISP with 3000 broadband users ... And yes. I can call they
untrusted, but this is not the point.
With ipfw I can do per IP traffic shaping, but what about if I can limit a
IP in
On Wednesday 09 November 2005 15:52, Cesar wrote:
An interesting thing in iptables is that option to match strings, like this
example:
iptables -A FORWARD -p TCP -m string --string BitTorrent protocol -j
REJECT --reject-with tcp-reset
iptables -A FORWARD -p TCP -m string --string GET
On Thursday 10 November 2005 11:23, Max Laier wrote:
On Wednesday 09 November 2005 15:52, Cesar wrote:
An interesting thing in iptables is that option to match strings, like
this example:
iptables -A FORWARD -p TCP -m string --string BitTorrent protocol -j
REJECT --reject-with tcp-reset