How to block MP3 download with L7 container???

Metu69salemi · Aug 8, 2011, 1:08 PM

Not sure if this is right pattern for blocking mp3.

Have you blocking rule before/above allow rule?

c.h · Aug 8, 2011, 6:05 PM

thanks for ur reply ill try it n let u know the result

yes i have made a rule on the WAN->LAN and LAN->WAN pass TCP/UDP and chose as L7 the mp3 block made be4
i'm not sure if thats what u asked abt

Cino · Aug 8, 2011, 6:29 PM

not sure about L7 but do you have squid setup? You could just block the ext *.mp3 from being downloading i believe.

Metu69salemi · Aug 8, 2011, 6:34 PM

On the lanside: it is good practice to set rules in this order
antilockout
blocking rules
allowing rules

My question was, do you have blocking rule before allowing rules in lan ruleset?

c.h · Aug 9, 2011, 8:31 AM

the pattern din't work maybe my rules aren't set like they should be

-I have 1 LAN and 1 WAN as interfaces connected so I added a rule on the WAN for my PC's IP pass rule and chose the source as single host and http port 80 as port range
for the destination i set it to : any
and chose Layer 7 the mp3 protocol where i added my pattern

-as for my LAN interface i added a rule using the same IP but as destination not source and the rest is configured exactly the same as on the WAN

am I missing steps ?
Yes the order I have is:
Anti-lockout then the rule that i set it is pass bcz of the L7 i have to choose then the default allow rule is it right?
no im tryin to make it work without squid
Thanks GUYS

Metu69salemi · Aug 9, 2011, 9:29 AM

Yes you are.

In pfsense rules work on ingress. if you want to handle lan machines while passing through pfsense, you should add rule on LAN not on WAN.

Do you want to take screenshots of your lan and wan rules?

c.h · Aug 16, 2011, 7:43 AM

These are my screen shots for the rules created I have used the wizard single LAN/single WAN the queues work but not the limiter or mp3 blocker what am i missing?

Metu69salemi · Aug 16, 2011, 8:50 AM

I'm not using L7 so the answer isn't so exact. but what does behaviour "new", what happens if you change it to "action"

Metu69salemi · Aug 16, 2011, 8:55 AM

I just tested with SSH, and it works. What is your current snapshot?

c.h · Aug 16, 2011, 9:37 AM

"new " is the limiter 1kbps i created
I tried to apply it in the L7 and try to download a normal mp3 song from the net it doesn't limit the download speed to 1k

and even if I try to use the limiter named "new" in the out/in like the pic i added now also not the result i want

i dint understand the SSH thing ? u mean u turned the webGui protocol to https and it worked? :P
THANKS

Metu69salemi · Aug 16, 2011, 9:41 AM

No i mean't that i tried limiting and blocking with ssh connection, because that i can test remotely with ease

c.h · Aug 16, 2011, 9:58 AM

oh i see

can u put some of ur screen shot maybe i can figure out and make it work ????
so @ least due to ur reply m sure traffic shaping and blockin and limiters work in pfsense RC3 now
Thx

Metu69salemi · Aug 16, 2011, 10:11 AM

Two simple ones. see attachments

c.h · Aug 16, 2011, 10:34 AM

THANKSs

did u try the limiter???
and for ur rule what did u apply or create? floating ,LAN,WAN …???

Metu69salemi · Aug 16, 2011, 10:54 AM

in opt2 interface which is renamed, work as lan. didn't try limiter yet