** Reply to message from Antony Stone <[EMAIL PROTECTED]> on Sat, 22 Jun 2002 00:12:28 +0100
> On Friday 21 June 2002 7:31 pm, James Mello wrote:
>
> > > Also I'm wondering say if I have a dmz and allow people to come into a
> > > server on port 80, will netfilter inspect the packet on all 7 layers
> > > of the OSI model and make sure that it is actually a http packet and
> > > following the rules and protocol specifications of http?
> >
> > No, but there are experimental modules that will allow you to enforce
> > your own rules. I've heard of some IDS or attack detection capabilities
> > being done through IP tables.
>
> What sort of modules ? I *hope* you don't mean the 'string' match ?
>
> I'm not aware of anything based on IPtables which makes an effective (OSI
> layer 7) IDS - it's just not designed for it, being a packet filter.....

There is the psd module. Check it out.

jb

-- 
Jack Bowling
mailto: [EMAIL PROTECTED]
