mobility and firewall
Michael R Head
burner at suppressingfire.org
Sat Jun 4 04:22:08 CDT 2005
On Sat, 2005-06-04 at 10:47 +0200, Ante Karamatić wrote:
> On Sat, 2005-06-04 at 03:32 -0400, Michael R Head wrote:
>
> > Still, it's not very helpful unless it uses the full path to the
> > executable.
>
> iptables -A OUTPUT -p TCP -m layer7 --l7proto http -j ALLOW
> iptables -A INPUT -m layer7 --l7proto bittorent -j DROP
>
> etc... layer7 anyone? I use this daily. It works...
Good stuff. I'll have to check it out for my firewall.
Doesn't help when a given piece of software tunnels through http,
though, right?
mike
> --
> Ante Karamatic|--|ivoks(@)grad.hr|--|PGP: D3BDA225
> http://master.grad.hr/~ivoks/|--|ICQ: 64631782
> May, 15. <herve> we're fixing the universe, it's not an easy duty!
--
Michael R Head <burner at suppressingfire.org>
GPG: http://www.suppressingfire.org/~burner/gpg.key.txt (ID 23A02B1F)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20050604/6c13fb47/attachment.pgp
More information about the ubuntu-devel
mailing list