
List:       openbsd-misc
Subject:    Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls
From:       Stuart Henderson <stu () spacehopper ! org>
Date:       2013-11-28 18:21:43
Message-ID: slrnl9f2e2.1lb.stu () naiad ! spacehopper ! org

[ http://www.mouedine.net/relayd/ ]

> On 2013-11-27 13:21, Tristan Le Guern wrote:
> > Are you aware that DNS uses TCP connections when replies are too large
> > for UDP? It is a bad practice to block this.
> > 

When replies are too large, or in some cases when the servers are
under attack (the RRL SLIP mechanism).      

Other notes on this method:

- magnet: links don't use http

- forcing all https sites through this type of proxy will break sites
using certificate pinning, e.g. google sites if accessed via chrome

