I have been watching posts go back and forth regarding Layer7 filtering with PF. What are the plans for this (if any). I was thinking about it, how difficult would it be to add in a setup similiar to the OSPF that currently exists. ie: a file of fingerprints (possibly converted from snort rules?), then used like:
drop in log quick on $ext_if layer 7 "edonkey login" drop in log quick on $ext_if layer 7 "aim send message"
etc etc. I was lookin at the source in the OpenBSD tree, and there really wasn't any documentation to explain what some of the functions did, so I am not sure how to do this, as I was willing to attempt it myself.
regards, chris
