hi!

i'm searching for a content filter for my firewall; maybe in combination with iptables.

it should be capable to block things like icp, audiogalaxy, kazaa.

thx

I've got no idea as to separate contentfilters, but you should be able to block Kazaa and Audiogalaxy because they use std ports.
Iptables has some form of contentfiltering called stringmatching support (IIRC) but that's experimental. Astaro and Suse promote fw packages having "content filtering", but by that they only mean HTTP traffic (using Squid prolly).

Another way I could think of would be to find some form of signature in that traffic, but that'll be hard, because Kazaa doesn't only do mp3, and let Snort block it.

Maybe you should review your fw rules, and only accept traffic for what you would explicitly allow.

first of all: thx.

my firewall is set up in the way, that only explicitly allowed ports are open. nonetheless, sw like icq is able to communicate via (e.g.) port 80. that makes it impossible for me, to disallow icq ...

binary patterns or signatures are interresting, but that's what i actually wanted to ask ... does someone konw something to filter via this criterias ?

AFAIK, wouldn't it just be easier to just block access to their server IP addresses with these Icq type apps?