Hi!
How can I use L7-Filter (http://l7-filter.sourceforge.net/) with Shorewall?
Thank you very much!
Bye.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

shacky wrote:
> Hi!
> How can I use L7-Filter (http://l7-filter.sourceforge.net/) with Shorewall?

ipp2p is integrated with Shorewall - l7-filter is not. As a consequence,
it is easier to use ipp2p.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> shacky wrote:
>> Hi!
>> How can I use L7-Filter (http://l7-filter.sourceforge.net/) with Shorewall?
>
> ipp2p is integrated with Shorewall - l7-filter is not. As a consequence,
> it is easier to use ipp2p.

However, if you want to use L7-filter, just use the NFQUEUE target in
Shorewall-perl 4.0.6 to send the traffic you want to be filtered by
L7-filter to NFQUEUE.

-Tom

> However, if you want to use L7-filter, just use the NFQUEUE target in
> Shorewall-perl 4.0.6 to send the traffic you want to be filtered by
> L7-filter to NFQUEUE.

So are you advising me to use ipp2p?
Some people told me that L7-Filter is better than ipp2p, and I like it
because it can recognise more protocols than ipp2p.
Could you help me to understand how to use L7-Filter with the NFQUEUE
features of Shorewall, please?

shacky wrote:
> Could you help me to understand how to use L7-Filter with the NFQUEUE
> features of Shorewall, please?

Sorry -- I looked at the L7-Filter documentation enough to understand that
it uses NFQUEUE and that's all that I have the time or the interest to do.

The basic idea should be that traffic that you would otherwise ACCEPT will
be sent to NFQUEUE instead (at least that's the way that Snort-inline
works). This includes ESTABLISHED traffic so you will need to insert
NFQUEUE rules in the ESTABLISHED section of the rules file (and disable
FASTACCEPT in shorewall.conf) for that traffic that you want L7-filter to
rule on.

-Tom
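
The setup described in the last reply, written out as a configuration sketch. This is an added example and not part of the original thread or of the Shorewall documentation; the zone names `loc` and `net`, the choice of TCP traffic, and the use of the default queue are assumptions.

```conf
# --- /etc/shorewall/shorewall.conf ---
# With FASTACCEPT=Yes, ESTABLISHED/RELATED packets are accepted before the
# rules file is consulted, so the ESTABLISHED section below would never be
# reached. It has to be off for the classifier to see the whole connection.
FASTACCEPT=No

# --- /etc/shorewall/rules ---
# ACTION    SOURCE    DEST    PROTO
#
# Packets of connections that are already established. A layer-7 classifier
# usually needs several payload packets before it can name the protocol,
# and those packets arrive in this state.
SECTION ESTABLISHED
NFQUEUE     loc       net     tcp
NFQUEUE     net       loc     tcp

# New connections that would otherwise have been ACCEPTed (assumed here:
# outbound TCP from the local zone) are handed to the queue instead.
SECTION NEW
NFQUEUE     loc       net     tcp

# Operational caveat: NFQUEUE hands the verdict to a userspace program.
# If nothing is listening on the queue, the kernel drops the queued
# packets, so start the L7-filter userspace daemon before restarting
# Shorewall with these rules and monitor that the daemon stays up.
```

Keep the queued traffic as narrow as the policy allows: every packet matched by these rules makes a round trip through userspace.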