On Friday 21 June 2002 7:31 pm, James Mello wrote:

> > Also I'm wondering say if I have a dmz and allow people to come into a
> > server on port 80, will netfilter inspect the packet on all 7 layers
> > of the OSI model and make sure that it is actually a http packet and
> > following the rules and protocol specifications of http?
>
> No, but there are experimental modules that will allow you to enforce
> your own rules. I've heard of some IDS or attack detection capabilities
> being done through IP tables.

What sort of modules? I *hope* you don't mean the 'string' match?

I'm not aware of anything based on IPtables which makes an effective (OSI layer 7) IDS - it's just not designed for it, being a packet filter.....

Antony.
