[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: Limiting traffic per protocol and port.
From:       "John R. Shannon" <john () johnrshannon ! com>
Date:       2005-04-19 14:40:45
Message-ID: 200504190840.45673.john () johnrshannon ! com
[Download RAW message or body]


On Tuesday 19 April 2005 07:39 am, Karl Borg wrote:
> Hi,
>
> I am trying to do something, but I don't know if it is at all possible
> with pf. I have read the doc, and I have found nothing saying that it
> is indeed possible, but I may have missed or misunderstood something.
>
> What I am trying to do is, for example, only allowing http connection
> to pass through port 80, and/or to block ssh connection through the
> same port.

That requires a protocol specific (http) proxy server. Consider using 
something like squid, apache proxy, or other http proxy in addition to pf. 

Note: It's still possible to tunnel ssh through a http proxy using kttp 
protocol.

> Is it possible to do that with pf ?
> How would I do that with pf ?
> As it doesn't seem to be possible with pf alone, should I be using
> something else instead of pf, or is there something that I could use
> with pf to achieve this result ?
>
> Any pointer welcome.
>
> K

-- 
John R. Shannon, CISSP
Sr. Software Scientist
Science Applications International Corporation
john.r.shannon@saic.com
john.r.shannon@us.army.mil
john@johnrshannon.com

["smime.p7s" (application/pkcs7-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]