Need help: How to activate Layer7 P2P Blocker?
-
Nah, the rules do not match like that.
You have to make it match so divert can continue.
-
What would be the best way to get it to match? I changed the rule to use LAN as the interface and dest port 110. I was still able to access it.

pass on { em2 } inet proto tcp from any to any port 110 divert 41786 flags S/SA keep state ( max-packets 5 ) label "USER_RULE"

<rule>
    <id/>
    <type>pass</type>
    <interface>lan</interface>
    <ipprotocol>inet</ipprotocol>
    <tag/>
    <tagged/>
    <direction>any</direction>
    <floating>yes</floating>
    <max/>
    <max-src-nodes/>
    <max-src-conn/>
    <max-src-states/>
    <statetimeout/>
    <statetype>keep state</statetype>
    <os/>
    <protocol>tcp</protocol>
    <source>
        <any/>
    </source>
    <destination>
        <any/>
        <port>110</port>
    </destination>
    <descr/>
    <l7container>testblocking</l7container>
</rule>
-
So, what's the conclusion?
Does it work or not? I've only tried like 10 mins to get it working but haven't thus far.
-
I do have good news about Layer 7 blocking, I was able to block all pop3 traffic from leaving my box. I still have to do more testing but progress is being made :-) Thanks Ermal!!!!
-
How did you fix it?
-
I didn't fix it. Ermal did… Update to the latest snapshot and give it a try.