layer7 filter?
jeremie le-hen
le-hen_j at epita.fr
Thu Mar 18 03:30:36 PST 2004
> Yes, but as far as I know, divert is slow. It's not usable in
> enviroments with >=100mbit. But I'm glad if you can show me that this
> not true :)
On the other hand, layer 7-filtering is not what we can call a fast match
method against network traffic. AFAIK "L7-filter" for NetFilter is based
on regular expressions, and matching even a simple re against every packet
in a 100MBits environnement would be rather expensive.
--
Jeremie LE HEN aka TtZ/TataZ jeremie.le-hen at epita.fr
ttz at epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
More information about the freebsd-ipfw
mailing list