<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> Nils Breunese wrote: <blockquote cite="mid35443EFD-4484-4B85-AB8B-0FA7F786C9B7@breun.nl" type="cite">Peter Scheie wrote: <blockquote type="cite">I think you'll have to elaborate on what you want to prevent. Using a web browser is 'file sharing', as is much of computer communication, in that the user's computer requests a file, in this case an html file, from another computer, the web server. If you're talking about bittorrent traffic, you could block ports 6881-6999 on your external firewall. </blockquote> Though that won't really block all BitTorrent as it's pretty easy to set the port you want to use in the BitTorrent client. I use 16881 myself for instance. Probably better to block *all* ports by default and only open up the ones that are really needed. Nils Breunese. </blockquote> With BitTorrent, it's worse. Remember that we now have not just encrypted BitTorrent, but port-hopping BitTorrent. We have to deal with this, too. Your BitTorrent client finds that can't talk on its "regular" ports (TCP 6881-6999)? Azureus, among others, will randomly port-hop *and* encrypt, specifically to defeat both firewalls *and* protocol analyzers. It's very effective. We "stop" it at the Internet gateway, and we do it with a fairly strict "this is what's 'allowed' outbound" policy. We use a Packeteer to shape everything but TCP 80, TCP 443, and certain other TCP/UDP ports down to, maybe, 10Kb/sec. Thus, when Azureus goes a-port-hoppin, fine! It's limited to 10Kb...shared by EVERYONE. Meanwhile, TCP 80, TCP 443, etc. work at normal multi-megabit speed. Yes, it's a dirty, sneaky, nasty trick...and it works really well. You could do the same thing with a Linux or OpenBSD gateway. A little iptables/pf QoS magic is all you need. --TP <div class="moz-signature"> _______________________________ Do you GNU!? <a href="http://www.gnu.org/">Microsoft Free since 2003</a>--the ultimate antivirus protection! </div> </body> </html>