D-Link NetDefendOS User Manual page 256

This example will limit the usage by the user group called rogue_users to 0.25 Megabit of
bandwidth for both uploading and downloading of data using BitTorrent. Assume the following:
• Membership of a user in a group called rogue_users is established by the authentication
process. This might be done by using a RADIUS server or using other means such as
authenticating against an LDAP server. The means of authentication is not discussed further.
• A Pipe object called narrow_025_pipe has already been defined in NetDefendOS that permits
this data flow.
• An IP Policy object called lan_to_wan_policy has already been defined that allows
connections from a protected internal network to the public Internet.
• The Source Network property for the lan_to_wan_policy IP policy is already set to an IPv4
address book object called lan_users_net.
It is assumed that all clients on the local network that access the Internet must be authenticated.
Command-Line Interface
First, the appcontrol command is used to create a filter for BitTorrent. This should also include the
uTP protocol:
gw-world:/> appcontrol -filter -application=bittorrent,utp -save_list
Assume that this filter list is the third filter list created and is therefore assigned the list number 3.
All filters can be displayed with the command:
gw-world:/> appcontrol -show_lists
Next, create an ApplicationRuleSet called bt_app_list:
gw-world:/> add Policy ApplicationRuleSet bt_app_list
Then, change the CLI context to be bt_app_list:
gw-world:/> cc Policy ApplicationRuleSet bt_app_list
gw-world:/bt_app_list>
Now, add the ApplicationRule object:
gw-world:/bt_app_list> add ApplicationRule
Then, return to the default context:
gw-world:/bt_app_list> cc
gw-world:/>
Associate this ApplicationRuleSet with the IPPolicy:
DefaultAction=Allow
Action=Allow
AppFilter=3
UserAuthGroups=rogue_users
ForwardChain=narrow_025_pipe
ReturnChain=narrow_025_pipe
256
Chapter 3: Fundamentals