    I'm hoping someone can point me in the right direction here.  I have pfSense (full, not embedded) installed on a machine here and acting as a transparent bridge.  That is all working wonderfully…perhaps too well, as it has exposed a couple of users who are abusing the bandwidth.  I'm looking to be able to do content filtering on our bridge.  I was hopeful that Snort would do what I wanted, but found out that it doesn't work in a bridged environment.  I have a user that is streaming music, and we want to squash that right away, as well as put other content-filter rules in.  I am able to make firewall rules to block things, but every time he changes channels/servers/etc., the IPs change.

    Are there any other packages or techniques that will work over a bridge and allow me to do content filtering?

  • You won't have much luck with that if you want to keep the bridge.

    But couldn't you try to restrict access to the internet a bit?
    Like block everything and only allow access to ports 80 (http), 110 (pop), 53 (dns), etc.

    The bridge is a temporary thing until we replace our PIX boxes later this year.  The PIXes were put in way before my time, and by someone who has obviously never actually managed a network, so this is just a band-aid until then.

    I'm really hoping to get away from commercial firewalls altogether, but the main draw of Cisco-branded things is our users that use the Cisco VPN Client.  I will try your suggestion of tightening things up some, but that introduces problems of its own due to the multitude of things we have to support, i.e. terminal emulators, etc.

  • Or do it the other way around.
    It shouldn't be too hard to find out on what ports these music servers stream their data and just block this port as source.
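    As an added illustration (not from any poster in this thread), here is what the two suggestions above look like as a pf ruleset on the bridge members of a pfSense transparent bridge: a logged default deny with an allow-list of service ports, plus an explicit block of the ports a streaming server is observed to use. The interface names, LAN network and streaming port numbers are placeholders I made up; substitute your own.

```pf
# Added example, not from this thread: pf rules for a pfSense transparent
# bridge. Interface names, LAN network and streaming ports are assumed
# placeholders; verify the streaming ports from your own traffic captures.
ext_if  = "em0"                 # bridge member facing the Internet (assumed)
int_if  = "em1"                 # bridge member facing the LAN (assumed)
lan_net = "192.168.1.0/24"      # constructed example network

# Service ports the LAN is permitted to reach (first reply's suggestion).
allowed_tcp = "{ 80, 110, 53 }"
allowed_udp = "{ 53 }"

# Ports a particular music streaming server was seen using (placeholders).
stream_ports = "{ 8000, 8010 }"

# Default deny in both directions; "log" writes drops to pflog, so repeated
# connection attempts to blocked ports are visible in the firewall log.
block log all

# Second reply's suggestion: drop the streaming server's replies by their
# *source* port, and the LAN's requests by destination port. "quick" stops
# rule evaluation so a later pass rule cannot re-allow this traffic.
block in log quick on $ext_if proto tcp from any port $stream_ports to $lan_net
block in log quick on $int_if proto tcp from $lan_net to any port $stream_ports

# Allow-list: LAN hosts may reach only the listed ports. "keep state" lets the
# return traffic back in through $ext_if without a separate pass rule.
pass in on $int_if proto tcp from $lan_net to any port $allowed_tcp keep state
pass in on $int_if proto udp from $lan_net to any port $allowed_udp keep state
```

On FreeBSD-based pfSense, pf only sees bridged traffic on the member interfaces when the sysctl net.link.bridge.pfil_member is 1 (and on the bridge interface itself only when net.link.bridge.pfil_bridge is 1), so check those before concluding the rules are not matching. A port filter like this will not catch a stream that runs over an allowed port such as 80; that is the case where the original poster's IP-based rules and this approach both fall short.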

  • I hate to say it but for content filtering in transparent mode you might want to look at to do this particular job.

