On Monday 05 July 2004 15:46, Saad Faruque wrote:
> I did think of doing it the other way around, but again I have to
> list all the internet services that are being used which is also
> changing continuously.

Unless you're running a lot of P2P applications, I can't see the 'need' list being very long... 21, 22, 80, 110, 143, 443, 993, 995... maybe a few others for remote desktop apps, etc.

> more like a layer 7 filtering. I'm just trying to find a
> smarter way of doing it, which will be more effective and could be
> updated easily.

This is possible :)

http://l7-filter.sourceforge.net/

It needs kernel 2.6 to be 'easy', if you use 2.4 you can only rate-limit and not simply drop packets based on the application type.

gdh
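
The allowlist approach suggested in the reply above, written out as an added example that is not part of the original message: a script that turns one comma-separated port list into a default-deny FORWARD ruleset, so a change of services is a one-line edit. The interface name `eth1`, the DNS rule, the log prefix and the function names `valid_ports` and `build_ruleset` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: emit a default-deny FORWARD ruleset (iptables-restore format)
# from one comma-separated allowlist of TCP ports.
ALLOWED_TCP="21,22,80,110,143,443,993,995"  # the ports listed in the reply
LAN_IF="eth1"                               # assumed LAN-facing interface name

# valid_ports LIST: succeed only for 1-15 comma-separated ports in 1-65535
# (a single multiport match takes at most 15 ports).
valid_ports() {
    list=$1
    case $list in
        ''|,*|*,|*,,*|*[!0-9,]*) return 1 ;;   # empty item or stray character
    esac
    old_ifs=$IFS; IFS=,
    set -- $list                               # split the list on commas
    IFS=$old_ifs
    [ "$#" -le 15 ] || return 1
    for p in "$@"; do
        [ "$p" -ge 1 ] 2>/dev/null && [ "$p" -le 65535 ] || return 1
    done
}

# build_ruleset LIST IFACE: print the ruleset, or fail without printing rules.
# Covers forwarded traffic only; the gateway's own INPUT/OUTPUT are not defined.
# Assumption: clients resolve names through an outside resolver (UDP 53).
build_ruleset() {
    ports=$1; lan_if=$2
    valid_ports "$ports" || { echo "invalid port list: $ports" >&2; return 1; }
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan_if -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "fw-deny: "
COMMIT
EOF
}

build_ruleset "$ALLOWED_TCP" "$LAN_IF"
```

Check the output with `iptables-restore --test` before loading it. FTP on port 21 additionally depends on the connection-tracking FTP helper for its data connections.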