Re: Content Filtering Firewall in Linux..

• Previous message: Chris Mason: "Re: Content Filtering Firewall in Linux.."
• In reply to: Andrew Rucker Jones: "Re: Content Filtering Firewall in Linux.."
• Next in thread: Kyle Wheeler: "Re: Content Filtering Firewall in Linux.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-linux@securityfocus.com
Date: Fri, 19 Aug 2005 19:23:17 +0200

On Fri, 2005-08-19 at 06:30 +0200, Andrew Rucker Jones wrote:
> Hrvoje Spoljar wrote:
> > You are looking for layer7 iptables patch.
> > http://l7-filter.sourceforge.net/
>
> No, You're really not. This was made for quality of service and suffers
> the same problems as Netfilter with hex string support. Think about
> this: You create a pattern for l7-filter (or Netfilter with hex strings)
> to look for "sex" and drop it. First You run into the "Essex" problem,
> so You change it to " sex ", but that doesn't block " sex." or " sex!"
[CUT]

If you take another look at the original mail you will realize that
'content' is not very well defined. OP does not say he want's to block
content like sex or something, or does content relate to type of service
or service, but when he mentioned solutions like iptables and such there
is no way to do 'sex' filtering at that level ? ;-) so any type of
content that is worth filtering and recognition at such level is a
layer7 recognition and some good statefull inspection firewall. Yes
layer7 is good partner for implementing smart QoS policies, but also it
is one if not only solution that will help you filter out conections
that use unstandard ports for services that are forbiden by firm policy.

-- 
 ____ __  ___| |  ___   Ignorance is    .~.    hrvoje.spoljar@x.pbf.hr
(_-< '_ \/ _ \ |_/ -_)  bliss, but     / V \   irc # RoCkY 
/__/ .__/\___/__/\___|  knowledge is  /(   )\  icq : 53000945   
  |_|                   power!          ^-^    http://spole.pbf.hr

• Previous message: Chris Mason: "Re: Content Filtering Firewall in Linux.."
• In reply to: Andrew Rucker Jones: "Re: Content Filtering Firewall in Linux.."
• Next in thread: Kyle Wheeler: "Re: Content Filtering Firewall in Linux.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: 2nd layer of filtering? ... >SELECT MRN, Name, Sex, DOB, SSN ... >because all I'm doing is filtering between 1-4 parameters. ... (microsoft.public.dotnet.framework.adonet) Re: Content Filtering ... The BEST content filtering available... ... > Hello Friendz, ... > site that contains particular words or links such as SEX, Porn etc. ... (microsoft.public.isa.enterprise) Re: Motorcycles, dancing, a good book and sex ... filtering when you're in the zone, where everything is shooting ... when I give it "The Helicopter" on the dance floor. ... I had some great sex while my ex was caught up in a book (if ... (uk.rec.motorcycles) Re: Motorcycles, dancing, a good book and sex ... filtering when you're in the zone, where everything is shooting ... when I give it "The Helicopter" on the dance floor. ... I had some great sex while my ex was caught up in a book (if ... (uk.rec.motorcycles)