Re[2]: String Match

2005-11-16 Thread vladone
Your point of view is (my opinion) wrong. All clients pay same money, so, use bandwidth how they want. U need to make settings, to be shure that all users receive same bandwidth (according with contract of course), but u not have any rights to limit some traffic. If i want to use p2p is my

Re: String Match

2005-11-16 Thread Cesar
again Cesar - Original Message - From: vladone [EMAIL PROTECTED] To: freebsd-ipfw@freebsd.org Sent: Wednesday, November 16, 2005 8:24 AM Subject: Re[2]: String Match Your point of view is (my opinion) wrong. All clients pay same money, so, use bandwidth how they want. U need to make

RES: String Match - Oliver Opinion

2005-11-11 Thread Pedro Paulo de Magalhaes Oliveira Junior
I think Oliver is wrong. The behavior he describe is not an excuse to do not have this feature to the guys who use it in Linux. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.12.8/166 - Release Date: 10/11/2005

Re: String Match

2005-11-11 Thread Oliver Fromme
Cesar [EMAIL PROTECTED] wrote: Its not a bad ideia since I see a lot of people searching for P2P traffic control/shaper. I'm operating an ISP with 3000 broadband users ... And yes. I can call they untrusted, but this is not the point. In that case I'm thankful that I'm not your

RE: String Match (Cesar)

2005-11-10 Thread Pedro Paulo de Magalhaes Oliveira Junior
IMHO this is the main disadvantage of FreeBSD and IPFW. Sure Linux has a better support on string match for IPS. -- Message: 1 Date: Wed, 9 Nov 2005 11:52:35 -0300 From: Cesar [EMAIL PROTECTED] Subject: String Match

Re: String Match

2005-11-10 Thread Cesar
Sorry for my bad explanation ... I want to do with ipfw what the IPP2P (http://www.ipp2p.org) do, it use a modification in linux kernel/iptables some kind of string match to identify P2P traffic. Nowadays I use port based rules to limit P2P traffic, which is not a good solution since most

Re: String Match

2005-11-10 Thread Cesar
traffic ... And as I know, ipfw can't do this. And maybe this kind of string match can become useful to other things. Cesar - Original Message - From: Oliver Fromme [EMAIL PROTECTED] To: freebsd-ipfw@FreeBSD.ORG Sent: Thursday, November 10, 2005 12:55 PM Subject: Re: String Match

Re: String Match

2005-11-10 Thread Max Laier
On Wednesday 09 November 2005 15:52, Cesar wrote: An interesting thing in iptables is that option to match strings, like this example: iptables -A FORWARD -p TCP -m string --string BitTorrent protocol -j REJECT --reject-with tcp-reset iptables -A FORWARD -p TCP -m string --string GET

Re: String Match

2005-11-10 Thread Darcy Buskermolen
On Thursday 10 November 2005 11:23, Max Laier wrote: On Wednesday 09 November 2005 15:52, Cesar wrote: An interesting thing in iptables is that option to match strings, like this example: iptables -A FORWARD -p TCP -m string --string BitTorrent protocol -j REJECT --reject-with tcp-reset