Possible Setup

2004-06-28 Thread cloper
List, I have been watching posts go back and forth regarding Layer7 filtering with PF. What are the plans for this (if any)? I was thinking about it: how difficult would it be to add in a setup similar to the OSPF that currently exists? I.e., a file of fingerprints (possibly converted from snort

pfctl ruleset optimizer. testers needed

2004-06-28 Thread Mike Frantzen
I need testers and guinea pigs for an automatic ruleset optimizer. The optimizer does superblock construction and optimization therein without changing the meaning of the ruleset. The specific optimizations with 'pfctl -o -f ' are: 1) remove duplicate rules 2) remove rules that are a sub

Re: Possible Setup

2004-06-28 Thread Daniel Hartmeier
On Mon, Jun 28, 2004 at 03:16:15PM -0700, cloper wrote:
> drop in log quick on $ext_if layer 7 "edonkey login"
> drop in log quick on $ext_if layer 7 "aim send message"

While for applications TCP is a byte stream protocol, packet filters (as the name implies) operate on a lower level. They do not

Re: Possible Setup

2004-06-28 Thread cloper
Daniel, I agree, I have no idea how the internals of PF work, and what it is capable of, which is why I emailed the list :) Would it be possible or feasible to write a daemon that does perform logic and state tracking w/ regex, that could possibly speak to the PF internals to add rules dynamical