25th February 2010
gzgeniii

Sounds like you want to keep port 80 open for normal web browsing but want to stop certain programs from using it (e.g. a download manager).

The only way I can think of to do this would be to use a firewall/filter device that does Layer 4/Deep Packet Inspection (DPI - actually looks inside the data packet being sent).

I believe OpenBSD is a layer 3 firewall device only. I may be wrong here, but the only way you might be able to achieve this with OpenBSD would be to block everything and force everyone to go through some sort of proxy/filter program that performs this type of DPI.

Even then, your mileage may vary, as the smarter download managers may emulate common web browsers anyway as far as their HTTP send requests go.

The suggestion above about limiting TCP connections per IP is probably the easiest way that is actually built into OpenBSD, but it still won't stop savvy users from using these programs if they tune them to use a lower connection count.
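The per-IP connection limit mentioned in the post, written out as a pf.conf fragment. This is an added example, not part of the original post; the interface name, LAN range, table name and limit values are assumptions to be adjusted for the actual network.

```pf
# Assumed values: interface name, LAN range and limits are placeholders.
int_if  = "em1"
lan_net = "192.168.1.0/24"

# Sources that exceed the limits below are added to this table.
table <http_hogs> persist

# Sources in the table lose port 80 until they are removed from it.
block in quick on $int_if proto tcp from <http_hogs> to any port 80

# Allow outbound web traffic from the LAN, tracked per source address:
#   max-src-conn      - simultaneous established connections per source
#   max-src-conn-rate - new connections per source, as count/seconds
#   overload          - table that receives a source exceeding either limit
#   flush global      - drop all existing states from that source as well
pass in on $int_if proto tcp from $lan_net to any port 80 \
    flags S/SA keep state \
    (max-src-conn 8, max-src-conn-rate 20/10, \
     overload <http_hogs> flush global)
```

`pfctl -t http_hogs -T show` lists the sources currently blocked, and `pfctl -t http_hogs -T expire 3600` removes entries older than an hour. Browsers also open several parallel connections, so a limit set too low interferes with normal browsing, while a client tuned to stay under it is not affected.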