Date: Wed, 10 Sep 2003 14:51:28 -0700
From: Darcy Buskermolen <darcy@wavefire.com>
To: Don Bowman <don@sandvine.com>, "'freebsd-ipfw@freebsd.org'" <freebsd-ipfw@freebsd.org>
Subject: Re: regex match in ipfw rule?
Message-ID: <200309101451.28807.darcy@wavefire.com>
In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C85337027427C1@mail.sandvine.com>
References: <FE045D4D9F7AED4CBFF1B3B813C85337027427C1@mail.sandvine.com>

On Tuesday 09 September 2003 19:43, Don Bowman wrote:
> has anyone ever considered adding a regular
> expression match type to ipfw? it seems like
> this might be very useful. To be efficient,
> and anchored, I guess it would need to
> be available for both IP and TCP and perhaps
> other protocols (e.g. ip payload, tcp payload).
>
> This could be used to match e.g. code-red style
> worms.
>
> one barrier is that there is not currently regex
> support in kernel, but pcre could probably be
> compiled for it.

You may want to look at hogwash, it uses the same packet analysis engine as
used by snort, this may do what you are after. I believe that it will also let
you handle things like frag reassembly etc.

>
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

--
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx: 250.763.1759
http://www.wavefire.com
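
Why reassembly matters for the anchored payload match discussed in this thread, as an added example that is not part of the original e-mails and is not code from ipfw, hogwash or snort: an anchored pattern applied to each packet on its own misses a request that arrives split across packets, while the same pattern applied to the reassembled stream matches. The pattern, the sample request and all function names are constructed for illustration, and TCP segments stand in for fragments.

```python
import re

# Anchored pattern for a Code Red style request (constructed for illustration;
# not a rule taken from ipfw, hogwash or snort).
SIGNATURE = re.compile(rb"GET /default\.ida\?N{16,}")

def match_per_packet(segments):
    """Apply the anchored pattern to each payload on its own."""
    return any(SIGNATURE.match(payload) for _, payload in segments)

def reassemble(segments, isn):
    """Rebuild the byte stream: order by sequence number, drop retransmitted
    bytes, stop at the first gap. Sequence wraparound is ignored here."""
    stream, next_seq = bytearray(), isn
    for seq, payload in sorted(segments):
        if seq > next_seq:
            break                      # missing data, cannot match past it
        skip = next_seq - seq          # bytes already seen in the stream
        if skip < len(payload):
            stream += payload[skip:]
            next_seq = seq + len(payload)
    return bytes(stream)

def match_stream(segments, isn):
    """Apply the same anchored pattern to the reassembled stream."""
    return SIGNATURE.match(reassemble(segments, isn)) is not None

# Constructed sample: one request delivered as three segments, out of order,
# with the middle segment retransmitted. Tuples are (sequence number, payload).
ISN = 1000
REQUEST = b"GET /default.ida?" + b"N" * 32 + b" HTTP/1.0\r\n\r\n"
SPLIT = [(ISN + 9, REQUEST[9:30]), (ISN, REQUEST[:9]),
         (ISN + 30, REQUEST[30:]), (ISN + 9, REQUEST[9:30])]

if __name__ == "__main__":
    print("per-packet match:", match_per_packet(SPLIT))
    print("reassembled match:", match_stream(SPLIT, ISN))
```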
