layer7 filter?
Thomas Vogt
turbo23 at gmx.net
Wed Mar 17 10:07:57 PST 2004
Hi Chuck
Yes, but as far as I know, divert is slow. It's not usable in
enviroments with >=100mbit. But I'm glad if you can show me that this
not true :)
regards,
Thomas
Chuck Swiger wrote:
> Thomas Vogt wrote:
>
>> Any plans to implement a OSI layer7 filter into ipfw? Or is there
>> already a project for fbsd? I only know
>> http://l7-filter.sourceforge.net/ but it's linux only.
>
>
> The divert mechanism already present in IPFW can be used in conjuction
> with application-specific proxies to perform layer-7 filtering. For
> example, consider diverting outbound connections to port 80 to a Squid
> cache, for example, which might also perform authentication, filtering
> by URL, or other HTTP-protocol-specific stuff.
>
More information about the freebsd-ipfw
mailing list