layer7 filter?

[Chuck Swiger]

Thomas Vogt wrote:
> Any plans to implement a OSI layer7 filter into ipfw? Or is there 
> already a project for fbsd? I only know 
> http://l7-filter.sourceforge.net/ but it's linux only.

The divert mechanism already present in IPFW can be used in conjuction with 
application-specific proxies to perform layer-7 filtering.  For example, 
consider diverting outbound connections to port 80 to a Squid cache, for 
example, which might also perform authentication, filtering by URL, or other 
HTTP-protocol-specific stuff.

-- 
-Chuck