[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-misc
Subject: Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls
From: Stuart Henderson <stu () spacehopper ! org>
Date: 2013-11-28 18:21:43
Message-ID: slrnl9f2e2.1lb.stu () naiad ! spacehopper ! org
[Download RAW message or body]
[ http://www.mouedine.net/relayd/ ]
> Le 2013-11-27 13:21, Tristan Le Guern a \xc3\xa9crit\xc2\xa0:
> > Are you aware that DNS use TCP connexion when replies are too large
> > for UDP? It is a bad practice to block this. \
> >
When replies are too large, or in some cases when the servers are
under attack (the RRL SLIP mechanism).
Other notes on this method:
- magnet: links don't use http
- forcing all https sites through this type of proxy will break sites
using certificate pinning, e.g. google sites if accessed via chrome
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic