> > No, but there are experimental modules that will allow you to
> > enforce your own rules. I've heard of some IDS or attack detection
> > capabilities being done through IP tables.
>
> What sort of modules? I *hope* you don't mean the 'string' match?
Yeah, I actually do mean the 'string' match :) I've got some friends who
used this to do some filtering on content on their own internet-exposed
boxes to prevent the stupid Nimda worm and other attacks from being
perpetrated. They *did* say it was slow, but overall it's been a pretty
effective solution for them. Note I *never* did say that you can do all
sorts of Layer 7 evaluation (or validation) like the guy said. I just
suggested this as an option to do some layer 7 filtering and content
checking...
-- Cheers
-- James