Re: content filter design

From: Jose Maria Lopez Hernandez (
Date: 02/12/05

  • Next message: Gareth Bromley: "Re: RELATED ICMP packets "destination-unreachable""
    Date: Sat, 12 Feb 2005 12:36:28 +0100

    Sridhar Natarajan wrote:
    > i( an amateur in firewall design) am planning to design a content
    > filter in linux. i need help in these questions
    > * can connection tracking be done using content filters for
    > apllication layer protocols like tracing dns requests and replies?
    > *to what extent does tracing the packets at network layer rather than
    > at the proxy improve the speed ?
    > Please help.Thanks in advance.

    I would take a look at the code of iptables, because
    the libipq library could be useful for this.


    Jose Maria Lopez Hernandez
    Director Tecnico de bgSEC
    bgSEC Seguridad y Consultoria de Sistemas Informaticos
    The only people for me are the mad ones -- the ones who are mad to live,
    mad to talk, mad to be saved, desirous of everything at the same time,
    the ones who never yawn or say a commonplace thing, but burn, burn, burn
    like fabulous yellow Roman candles.
                     -- Jack Kerouac, "On the Road"

  • Next message: Gareth Bromley: "Re: RELATED ICMP packets "destination-unreachable""