Re: [LARTC] KaZZaa and connection sequences

Linux Advanced Routing and Traffic Control

Hi,

> I just read about layer-7 filtering, but I
> can't change my kernel right now, so I want to try as much as I can with
> packet filtering.. Anybody here?

I don't think you will be able to do anything about it without Layer-7 
filtering. I think (and I may be wrong in this for the time being) that KaZaA 
uses SSL, so reading the payload content is going to be impossible. However, 
if there are servers running on port 80, you can see if it looks like a valid 
HTTP request. If it doesn't, you drop it, because it is probably some kind of 
a P2P application using the port.

I don't know how good the current generation of P2P applications is at 
masquerading as legitimate HTTP traffic. tcpdump will tell you more about 
that.

Unfortunately, there are also likely to be servers out there that run on port 
443 (HTTPS), which you probably cannot or don't want to block. And since that 
is supposed to run over SSL, you are rather out of luck... Same goes for any 
valid port used for SSL communication.

So, in conclusion, even Layer-7 filtering will not help you if/when the 
communication is encrypted...

Regards.

Gordan
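
Added example (not part of Gordan's message): a sketch of the check described above, classifying the first client payload of a connection as a well-formed HTTP/1.x request, a TLS ClientHello, or something else, and dropping what does not belong on the port. The function names, the verdict strings and the sample payloads are constructed for illustration; a real deployment would feed it reassembled payloads from a capture or a userspace queue.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) "
    rb"[\x21-\x7e]+ HTTP/1\.[01]\r\n")
# Header field: token ":" then printable or obs-text bytes
HEADER_LINE = re.compile(
    rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[\t\x20-\x7e\x80-\xff]*$")

def classify_first_payload(payload: bytes) -> str:
    """Return "http", "tls" or "other" for the first client bytes."""
    # TLS record: type 0x16 (handshake), major version 0x03,
    # handshake type 0x01 (ClientHello) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    if not REQUEST_LINE.match(payload):
        return "other"
    complete = b"\r\n\r\n" in payload
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    if not complete and lines:
        lines = lines[:-1]  # last line may be cut off by the segment
    if any(line and not HEADER_LINE.match(line) for line in lines):
        return "other"
    return "http"

def verdict(dport: int, payload: bytes) -> str:
    """Port 80 must carry HTTP, port 443 must carry TLS; else DROP."""
    expected = {80: "http", 443: "tls"}
    if dport not in expected:
        return "NO-OPINION"  # other ports are outside this sketch
    kind = classify_first_payload(payload)
    return "ACCEPT" if kind == expected[dport] else "DROP"

# Constructed sample payloads (not captured traffic).
HTTP_GET = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
            b"User-Agent: test\r\n\r\n")
TRUNCATED = b"GET / HTTP/1.1\r\nHost: a\r\nUser-Ag"
FAKE_HTTP = b"GET / HTTP/1.1\r\n\x00\x01binary\r\n\r\n"
OPAQUE = b"\xe3\x4b\x00\x00\x00\x01\x10" + bytes(16)
TLS_HELLO = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01" + bytes(36)

if __name__ == "__main__":
    for name, port, data in [("http", 80, HTTP_GET), ("opaque", 80, OPAQUE),
                             ("fake", 80, FAKE_HTTP), ("tls", 443, TLS_HELLO)]:
        print(name, port, classify_first_payload(data), verdict(port, data))
```

A client that sends a well-formed HTTP request still passes this check, and on port 443 only the handshake framing is visible, so the limits described in the message apply to it unchanged.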

