Rob Kruit wrote:
> Sounds really great, unfortunately I do not have enough experience to
> implement such a solution with Linux.

Bah, it's documented as well as anything else.

> The port filtering solution I provided
> actually is very effective as it blocks any outgoing connections from the
> client to ports other than 21, 80 and 110. It would not allow anyone to
> download from the client PC and it would not allow the client to make any
> outgoing connections to ports other than 80, 21 and 110, effectively blocking
> about 99% of the p2p downloads since only a few people have their p2p client
> running on one of those ports. This is a solution that is used with many
> commercial firewalls (only open what you have to use) and has proven very
> effective. However it also greatly reduces the flexibility of your internet
> connection. But if m0n0wall is ever going to support packet content matching
> I am definitely going to use it!

The real problem with L7 filtering on embedded devices is the resource usage. The second problem may be porting existing functionality to BSD/m0n0wall. I'd guess there are more pressing items to be developed than this ATM.

DS