Re: Snort p2p.rules / pf TAG
kobaz@looz.mip.pl (kobaz@looz.mip.pl) wrote:
> It's possible to *sign* somehow p2p traffic by snort and then traffic shape
> these *signed* packets by pf/altq? I mean can snort put some tag and pf/altq
> will understand this tag?

Man, if someone figures out how to get this sort of thing working,
*please* tell me.

Right now, I'm trying to figure out how to get a Linux box running Freenet
to route packets sent by the "freenet" user's UID out through a different
gateway, with a different source address, so that PF on the OpenBSD box
can classify them by virtue of their source address. So far, it's not
working. But that's a Linux/iptables issue, off topic here.

(Since Freenet's all encrypted, and outgoing connections use arbitrary
ports, there's absolutely no way to classify it on the firewall by
packet inspection.)

I also thought about using the various TOS/DSCP bits in the packet header
to mark them on the way out, but I couldn't see any references to DSCP in
pf.conf(5), so that doesn't look promising either.

--
Greg Wooledge | "Truth belongs to everybody."
greg@wooledge.org | - The Red Hot Chili Peppers
http://wooledge.org/~greg/ |