Rob Kruit wrote:
> Sounds really great. Unfortunately, I do not have enough experience to
> implement such a solution with Linux.
Bah, it's documented as well as anything else.
> The port filtering solution I provided
> actually is very effective as it blocks any outgoing connections from the
> client to ports other than 21, 80 and 110. It would not allow anyone to
> download from the client PC and it would not allow the client to make any
> outgoing connections to ports other than 80, 21 and 110, effectively blocking
> about 99% of the p2p downloads since only a few people have their p2p client
> running on one of those ports. This is a solution that is used with many
> commercial firewalls (only open what you have to use) and has proven very
> effective. However it also greatly reduces the flexibility of your internet
> connection. But if m0n0wall is ever going to support packet content matching
> I am definitely going to use it!
The real problem with L7 filtering on embedded devices is the resource
usage. The second problem may be porting existing functionality to
BSD/m0n0wall. I'd guess there are more pressing items to be developed
than this ATM.