On 2006.03.01 23:04, S t i n g r a y - fasi_74@xxxxxxxxx wrote:
The problem is that I have a proxy/firewall box that provides internet to my internal users. Now I have only permitted the common ports like ftp, http, smtp, pop3 etc. and blocked all others. Now there are a couple of p2p applications out there that tunnel through my port 80 as it's open; this is taking up my internet bandwidth. I want to stop that ...

Well, then what Rob said before applies.
Netfilter is not good for solving this problem.
Squid is reputed to be very good for this problem.

Regards,
Jim

regards

--- Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:

> On Wed, March 1, 2006 16:40, S t i n g r a y wrote:
> > will it filter out HTTP tunneling also ?
>
> Do you mean you have a VPN tunnel which transfers http, or what ? If that is
> the case, I don't think so ; Squid can only inspect traffic that it can see of
> course. However, if the Squid-box is at the end of the tunnel you may be able
> to do it.
> But maybe I don't understand correctly what problem you are trying to solve.
>
>
> Gr,
> Rob
>
> > --- Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:
> >> On Wed, March 1, 2006 12:45, S t i n g r a y wrote:
> >> > Is it possible to filter HTTP signatures/headers
> >> > with Iptables ? or is there addon for it ?
> >>
> >> You may be able to use the String match but you can
> >> only filter the payload of 1 packet at a time : if a
> >> signature/header spans multiple packets then it
> >> won't work.
> >>
> >> Netfilter is not meant to do content filtering.
> >> Perhaps you can use Squid.
> >>
> >>
> >> Gr,
> >> Rob
> >
> >

*º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤

--
Jim Laurino
nfcan.x.jimlaur@xxxxxxxx
Please reply to the list.
Only mail from the listserver reaches this address.
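
Rob's point that the string match sees only one packet's payload at a time, shown as an added example that is not part of the original thread: the same constructed HTTP request is checked per packet and then as a reassembled stream, which is the view a proxy such as Squid works from. The signature, host name and function names are hypothetical.

```python
# Constructed sample: one HTTP request carrying a header of interest.
SIGNATURE = b"User-Agent: ExampleP2P"   # hypothetical signature, not a real client
REQUEST = (b"GET /announce HTTP/1.1\r\n"
           b"Host: tracker.example\r\n"
           b"User-Agent: ExampleP2P/1.0\r\n"
           b"\r\n")

def segment(data, size):
    """Split a byte stream into TCP-like segments of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def per_packet_match(segments, sig):
    """Stateless check: each segment's payload is inspected on its own."""
    return any(sig in seg for seg in segments)

def stream_match(segments, sig):
    """Stateful check: carry the last len(sig)-1 bytes forward so a
    signature straddling a segment boundary is still seen."""
    keep = len(sig) - 1
    tail = b""
    for seg in segments:
        window = tail + seg
        if sig in window:
            return True
        tail = window[-keep:] if keep else b""
    return False

def compare(size):
    """Return (per-packet result, stream result) for a given segment size."""
    segs = segment(REQUEST, size)
    return per_packet_match(segs, SIGNATURE), stream_match(segs, SIGNATURE)

if __name__ == "__main__":
    for size in (1460, 60, 10):
        print(size, compare(size))
```

With a segment size of 60 the header falls across a boundary, so the per-packet check misses it while the stream check still matches.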