Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Question about L7 filtering

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    4 Posts 4 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alexandru
      last edited by

      Hello,

      I really like pfSense 2.0, really really really like it  ;D Best X-mass in a while  :P
      I'm having fun w/ it at home and …the following question popped up about what i consider to be the "crown jewel" - traffic filtering at higher levels: is it possible to route something (eg. all outbound connections for YMess, AIM, GTalk, MSN, torrents) through one WAN and have something else (eg. SMTP, POP3, FTP, IMAP etc) going through another WAN?
      I managed to block them...but that is all i could do w/ L7 filtering (weh...never tried speed limits actually...though that should work 2)

      This is a little bit offtopic and a little to early to ask, i know - will squid/lightsquid/squidguard/HAVP be rewritten for 2.0beta? or will you wait until 2.0 release to update the packages?

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by

        Actually i have not finished that code.

        It is supposed to mark a packet on inside and you can policy route on outside with floating rules.

        Though not finished and not much interested to do so.

        1 Reply Last reply Reply Quote 0
        • S
          Supermule Banned
          last edited by

          The good thing with real L7(Application layer) is that you can publish multiole webservers behind one public IP.

          It looks at the content inside the packet and routes it, based on the rules in the firewall. Take a good look at ISA2006 and M$ Forefront Threat Management Gateway. They both handle L7 to its full extent, and does it very well. The downside is the configuration and config of rules… Could this be done in PFSense, I would switch on the spot. That is the only thing I miss in PFSense.

          1 Reply Last reply Reply Quote 0
          • R
            rojocesar
            last edited by

            I have installed the BETA 2 and I see that layer7 doesn't work, I don't know when you will fixed this problem.. I really think that pfsense is excellent and If is possible to use layer7 would be OK.. thanks for all

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.