Question about L7 filtering



  • Hello,

    I really like pfSense 2.0, really really really like it  ;D Best Xmas in a while  :P
    I'm having fun w/ it at home and the following question popped up about what I consider to be the "crown jewel" - traffic filtering at higher levels: is it possible to route something (e.g. all outbound connections for YMess, AIM, GTalk, MSN, torrents) through one WAN and have something else (e.g. SMTP, POP3, FTP, IMAP etc.) going through another WAN?
    I managed to block them... but that is all I could do w/ L7 filtering (well... never tried speed limits actually... though that should work too)

    This is a little bit off-topic and a little too early to ask, I know - will squid/lightsquid/squidguard/HAVP be rewritten for 2.0beta? Or will you wait until the 2.0 release to update the packages?



  • Actually I have not finished that code.

    It is supposed to mark a packet on the inside, and you can policy route on the outside with floating rules.

    Though not finished and not much interested to do so.


  • Banned

    The good thing with real L7 (Application layer) is that you can publish multiple webservers behind one public IP.

    It looks at the content inside the packet and routes it, based on the rules in the firewall. Take a good look at ISA2006 and M$ Forefront Threat Management Gateway. They both handle L7 to its full extent, and do it very well. The downside is the configuration and config of rules… Could this be done in pfSense, I would switch on the spot. That is the only thing I miss in pfSense.



  • I have installed the BETA 2 and I see that layer7 doesn't work. I don't know when you will fix this problem. I really think that pfSense is excellent, and if it is possible to use layer7 that would be OK. Thanks for all.


Locked