Date: Wed, 17 Mar 2004 19:12:52 +0100 From: Thomas Vogt <turbo23@gmx.net> To: Chuck Swiger <cswiger@mac.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: layer7 filter? Message-ID: <40589524.60801@gmx.net> In-Reply-To: <40588915.1040905@mac.com> References: <4058710F.4060608@gmx.net> <40588915.1040905@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Chuck Yes, but as far as I know, divert is slow. It's not usable in enviroments with >=100mbit. But I'm glad if you can show me that this not true :) regards, Thomas Chuck Swiger wrote: > Thomas Vogt wrote: > >> Any plans to implement a OSI layer7 filter into ipfw? Or is there >> already a project for fbsd? I only know >> http://l7-filter.sourceforge.net/ but it's linux only. > > > The divert mechanism already present in IPFW can be used in conjuction > with application-specific proxies to perform layer-7 filtering. For > example, consider diverting outbound connections to port 80 to a Squid > cache, for example, which might also perform authentication, filtering > by URL, or other HTTP-protocol-specific stuff. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40589524.60801>