Netgate Discussion Forum

    Layer7 Issues

    2.0-RC Snapshot Feedback and Problems - RETIRED
      mxx

      Did you already try this with snort?

        sscardefield

        No, I have not tried it with snort. Is it easy to accomplish with snort? I just figure that this is exactly what this layer7 functionality is for. So nobody else has tried using this yet? Or if they have, it's working perfectly for them?

          sscardefield

          Just updated to the latest build (built on Sat Nov 27 04:12:08 EST 2010) and still no go. I have tried setting it with one floating rule (in/out), two floating rules (one in, one out), a rule before the default LAN rule, and on the default LAN rule itself. I have tried all those rules with tcp, udp, and tcp/udp. The entries still show up in the firewall log, but nothing is actually being blocked. I'm getting down to crunch time now. I've been rocking pfSense for quite some time now and love it, but this is probably a deal breaker for me going forward. I really don't want to start putting in ASAs (cost and ease of administration).

            _igor_

            I have had that same problem these days (somewhat different, not L7), but similar. I wanted to block certain traffic, which worked fine before but now does not. I tried the same things with rules everywhere, with no success. Because of that I was thinking that I am/was not able to do this job, so I tried it with v1.2.3 and it worked instantly.

              dszp

              Last night I tried (with an up-to-date snapshot) to add a Layer 7 rule to block SSH (and added HTML later as well as a test) to an existing LAN Pass rule. It blocked neither, though the traffic was logged as being outbound based on that rule, so it was that rule being applied, but nothing was blocked based on Layer 7.

              David Szpunar

                sscardefield

                So is this a bug then? If so, how do I go about submitting it? I saw some posts from earlier in the year where people had said this was working great for them. Maybe it worked in the earlier 2.0 builds?

                  dszp

                  Bugtracker is at http://redmine.pfsense.org/projects/pfsense/issues

                  Whether it's a bug or not isn't my call, but I'd certainly call the lack of functionality on my end a bug, unless I'm doing it totally wrong. But I read a couple of threads about it, I'm pretty sure I'm doing what I'm supposed to be doing for it to work. If you submit it, the devs will make the call :-)

                  David Szpunar

                    nesense

                    It's an old issue (6 months) that never got fixed; check this: http://redmine.pfsense.org/issues/636

                      sscardefield

                      I see you added a comment to the bug, I did as well. Hopefully it gets addressed soon.

                        voona

                        Agree, I haven't been able to get this working either.

                        Oh, while I'm here, does anyone know how to create different protocol containers to match a particular application? There are a fair few in the list but not everything I require.

                        Regards,

                          sscardefield

                          Voona, maybe take a minute to add a comment to the bug? As for custom sigs, they mention it in the L7 portion of the traffic shaping guide. I'm guessing eventually they'll have their own write-up for it, but for now they mention taking a look at the sourceforge page.

                          http://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Layer_7

                          http://l7-filter.sourceforge.net/Pattern-HOWTO
