From: Thomas Vogt
Date: Wed, 17 Mar 2004 19:12:52 +0100
To: Chuck Swiger
cc: freebsd-ipfw@freebsd.org
Subject: Re: layer7 filter?
Message-ID: <40589524.60801@gmx.net>
In-Reply-To: <40588915.1040905@mac.com>
References: <4058710F.4060608@gmx.net> <40588915.1040905@mac.com>
List-Id: IPFW Technical Discussions

Hi Chuck

Yes, but as far as I know, divert is slow. It's not usable in
environments with >=100mbit. But I'm glad if you can show me that this
is not true :)

regards,
Thomas

Chuck Swiger wrote:
> Thomas Vogt wrote:
>
>> Any plans to implement an OSI layer7 filter into ipfw? Or is there
>> already a project for fbsd? I only know
>> http://l7-filter.sourceforge.net/ but it's linux only.
>
> The divert mechanism already present in IPFW can be used in conjunction
> with application-specific proxies to perform layer-7 filtering. For
> example, consider diverting outbound connections to port 80 to a Squid
> cache, for example, which might also perform authentication, filtering
> by URL, or other HTTP-protocol-specific stuff.
>
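
Added example, not part of the original messages: the per-packet inspection a userland daemon reading from an ipfw divert socket could apply to the port-80 traffic discussed above. The FreeBSD-specific socket loop is left out so the code builds anywhere; `l7_verdict`, `verdict_for_payload`, the `blocked.example` policy and the fail-closed handling of malformed packets are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

enum verdict { PASS = 0, DROP = 1 };   /* reinject the packet, or discard it */
/* Constructed sample policy (assumption): block requests for this host. */
static const char BLOCKED[] = "Host: blocked.example";

/* Bounded search; a packet payload is not NUL-terminated. */
static int contains(const unsigned char *p, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n && i + n <= len; i++)
        if (memcmp(p + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Verdict for one raw IPv4 packet, the unit a divert socket delivers. */
enum verdict l7_verdict(const unsigned char *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP;           /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > len) return DROP;   /* bad lengths */
    if (pkt[9] != 6) return PASS;                              /* not TCP */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return PASS;   /* later fragment */
    if (total < ihl + 20) return DROP;                         /* truncated TCP */
    const unsigned char *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > total) return DROP;          /* bad data offset */
    if ((((unsigned)tcp[2] << 8) | tcp[3]) != 80) return PASS; /* not HTTP */
    return contains(tcp + doff, total - ihl - doff, BLOCKED) ? DROP : PASS;
}

/* Hypothetical helper: wrap a payload in a minimal constructed IPv4/TCP
 * packet (checksums left zero) and return the filter's verdict for it. */
enum verdict verdict_for_payload(const char *payload, unsigned dport)
{
    unsigned char pkt[512] = {0};
    size_t plen = strlen(payload), total = 40 + plen;
    if (total > sizeof pkt) return DROP;
    pkt[0] = 0x45;                                   /* IPv4, 20-byte header */
    pkt[2] = (unsigned char)(total >> 8); pkt[3] = (unsigned char)total;
    pkt[9] = 6;                                      /* protocol: TCP */
    pkt[22] = (unsigned char)(dport >> 8); pkt[23] = (unsigned char)dport;
    pkt[32] = 0x50;                                  /* data offset: 20 bytes */
    memcpy(pkt + 40, payload, plen);
    return l7_verdict(pkt, total);
}
```

Matching one packet at a time misses a Host header that is split across two TCP segments; a proxy such as Squid sees the reassembled stream instead.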