[ale] L7 filtering in Netfilter
- Subject: [ale] L7 filtering in Netfilter
- From: mr at 4securenet.com (Raju)
- Date: Thu Nov 6 12:51:07 2003
Anyone had success with this?
http://l7-filter.sourceforge.net/
Nowadays you can pretty much tunnel any protocol through standard
out-bound ports in Firewalls (most security policies obviously allow 80,
443, etc), differentiating HTTP from Gnutella, etc. can be difficult
without L7 inspection. Although Checkpoint's FW-1 stateful-inspection claims
it can understand L7 information without taking a performance hit
(proxies), I was hoping for an Open Source solution without paying
ridiculous license fees :-) Try changing the IP address bound to an
interface with Check Point? Talk about a pain in the a$$.....sheeez
--Raju