Content Filtering while bridged
-
Greetings,
I'm hoping someone can point me in the right direction here. I have pfSense (full, not embedded) installed on a machine here, acting as a transparent bridge. That is all working wonderfully… perhaps too well, as it has exposed a couple of users who are abusing the bandwidth. I'm looking to be able to do content filtering on our bridge. I was hopeful that Snort would do what I wanted, but found out that it doesn't work in a bridged environment. I have a user that is streaming music, and we want to squash that right away, as well as put other content-filter rules in. I am able to make firewall rules to block things, but every time he changes channels/servers/etc., the IPs change. Are there any other packages or techniques that will work over a bridge and allow me to do content filtering?
All help is greatly appreciated
Thanks
-
You won't have much luck on that if you want to keep the bridge.
But couldn't you try to restrict access to the internet a bit?
Like block everything and only allow access to port 80 (http), 110 (pop), 53 (dns) etc.
-
Thanks for the reply…
The bridge is a temporary thing until we replace our PIX boxes later this year. The pixes were put in way before my time, and by someone who has obviously never actually managed a network, so this is just a bandaid until then.
I'm really hoping to get away from commercial firewalls altogether, but the main draw of Cisco-branded things is our users that use the Cisco VPN Client. I will try your suggestion of tightening things up some, but that introduces problems of its own due to the multitude of things we have to support, i.e. terminal emulators, etc.
-
Or do it the other way around.
It shouldn't be too hard to find out on what ports these music servers stream their data and just block this port as source.
-
I hate to say it, but for content filtering in transparent mode you might want to look at http://www.untangle.com/ to do this particular job.