Koozali.org: home of the SME Server

Native support Layer 7 or IPP2P

Offline d_loayza

Native support Layer 7 or IPP2P
« on: February 12, 2010, 10:39:36 PM »
I've been using SME Server for some time and am very happy; the only problem is that it's been very difficult to block ARES and MSN Messenger on my network. Why does it not offer native support for the proposed Layer 7 project or IPP2P? It would be a great advantage, especially considering that other products already include it. Ex: http://www.ebox-platform.com/

Best regards

Daniel Loayza

Excuse my English, it is not so good.

Offline paradigm

Re: Native support Layer 7 or IPP2P
« Reply #1 on: February 12, 2010, 11:29:14 PM »
Hey Daniel,

You could do a few things:

1. Open a new NFR (new feature request) in Bugzilla.

2. Use this part about blocking ports used by ARES and MSN Messenger:

http://wiki.contribs.org/SME_Server:Documentation:FAQ#Block_outgoing_ports

3. Use this to block incoming traffic from ARES and MSN servers:

http://wiki.contribs.org/SME_Server:Documentation:FAQ#Block_incoming_IP_address

4. You could invest in a good external router/firewall.


Offline cactus

Re: Native support Layer 7 or IPP2P
« Reply #2 on: February 13, 2010, 01:20:24 PM »
The basic reason SME Server does not do this is related to the fact that we take the kernel from our upstream provider (CentOS) and do not modify it. If they are to implement it in their kernel it will also get propagated to SME Server.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline d_loayza

Re: Native support Layer 7 or IPP2P
« Reply #3 on: February 13, 2010, 05:36:52 PM »
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Block_outgoing_ports

Ares does not have a fixed TCP / UDP port, it changes automatically. That is why this suggestion does not help.

http://wiki.contribs.org/SME_Server:Documentation:FAQ#Block_incoming_IP_address

The IPs that are connected in a P2P network also change frequently, so how could I then use this suggestion?

In support of medium-sized enterprises, I look for ways to save costs; using a router would increase them, especially if I'm very happy with SME Server directly connected to the Internet.
 
It's a shame to take as the norm not to modify the core. I believe that this facility would be much appreciated by all users of SME.

Best regards.

Daniel Loayza

Offline Stefano

Re: Native support Layer 7 or IPP2P
« Reply #4 on: February 13, 2010, 06:01:22 PM »
Daniel: if you need such a feature, please search the forums and Bugzilla; there was a kernel module to block P2P, but no one that supports it.

You can also think about funding the development..

Offline cactus

Re: Native support Layer 7 or IPP2P
« Reply #5 on: February 13, 2010, 06:06:58 PM »
Quote
In support of medium-sized enterprises, I look for ways to save costs; using a router would increase them, especially if I'm very happy with SME Server directly connected to the Internet.

It's a shame to take as the norm not to modify the core. I believe that this facility would be much appreciated by all users of SME.

The development resources for SME Server are pretty limited; a decision was therefore made to keep SME Server as close as possible to CentOS, minimising maintenance work on core OS features (like security updates, patches and troubleshooting) and dedicating the time to SME Server functionality.

I think this feature would be appreciated by a lot of users, so if you can supply patches to how to implement level7 filtering in SME Server and are willing to maintain them for a longer period of time you are welcome to submit them to the bug tracker for consideration. Thanks in advance.

Offline paradigm

Re: Native support Layer 7 or IPP2P
« Reply #6 on: February 13, 2010, 06:37:03 PM »
MSN Messenger has some fixed IP server addresses that you can block (search Google for more info).

Also have a look here:

http://wiki.contribs.org/P2P_blocking -- just checked - it does not seem to work

You could just use the ton of money that was saved when using SME Server and not Microsoft software and buy a nice router/firewall, which are not very expensive these days and give you full control over what is going on on your Internet connection.

The norm to not modify the core is what makes SME Server so stable, which I think is a lot more important than blocking P2P or other nice features.


« Last Edit: February 13, 2010, 06:45:48 PM by paradigm »

Offline janet

Re: Native support Layer 7 or IPP2P
« Reply #7 on: February 13, 2010, 10:38:34 PM »
paradigm & others

Quote
http://wiki.contribs.org/P2P_blocking -- just checked - it does not seem to work

You might want to read that again.
That rpm and db code is only applicable to the sme7.1 kernel, and the rpm needs recompiling for later sme releases.
 
The important message in the Note Box was not being displayed due to a change in the Wiki Note Box template.
A workaround has been added, i.e. additional brackets [[...]].
This problem appears to have happened since the time the Note Box template was changed quite some time ago, and therefore all Note Boxes are affected. The problem is that Note Boxes that include bug links, i.e. [[Bugzilla:1234]], cause the whole Note Box text contents not to display at all, but instead display the words "Important message here".
The workaround is to enclose the bug link with a second set of double brackets, i.e. [[[[Bugzilla:1234]]]].

This problem is happening system wide in all Note Boxes.
This is not a very satisfactory situation; the solution suggested is really a workaround. The Note Box template code needs either fixing or reverting to what it was previously.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.