tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Layer 7 filtering



On Thursday 6. April 2006 04:41:29 Michael Richardson wrote:
> >>>>> "Marcin" == Marcin Jessa <lists%yazzy.org@localhost> writes:
>
>     Marcin> As many of you may know it's PITA to filter bittorrent
>     Marcin> traffic.  One of the most successful ways is to inspect
>
>   Don't. It won't work. People and programs are way too adaptable.

I both agree and disagree. I know of products which can filter at application 
level with success. There are always walk arounds but they're hard to figure 
for a "normal" user.

>     Marcin> layer 7 packets.  Is this possible with any of firewalling
>     Marcin> systems avaliable for NetBSD?
>
>   QoS the traffic that you care about to an appropriate level of
> service.

This is not doable without being able to match layer 7 traffic.
You cannot really do this for specific ports (80,443 etc.) as these ports can 
be (ab)used for something else than what's intended.



Cheers,
Marcin.



Home | Main Index | Thread Index | Old Index