Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    L7 error

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    11 Posts 3 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xbipin
      last edited by

      im trying to use L7 inspector to block torrents, below is what i get in my systemlog as soon as the rule is made active

      Jul 10 19:30:04 php: : Sending HUP signal to 41910
      Jul 10 19:30:04 ipfw-classifyd: Something went wrong waiting on kqueue.

      1 Reply Last reply Reply Quote 0
      • X
        xbipin
        last edited by

        is any1 using L7 to block torrents, that is if its actually working in pfsense nanobsd at all

        1 Reply Last reply Reply Quote 0
        • M
          mxx
          last edited by

          Hi,

          until about 3 weeks ago I often tried it after a new snapshot was released. It never worked for me blocking torrents though. It also didn't block emule at that time back. When I tried it the last time I got 100% cpu load on classifyd. That's when I stopped to continue trying it out with newer snapshots.. wanted to wait until this is 100% done http://redmine.pfsense.org/issues/635

          1 Reply Last reply Reply Quote 0
          • X
            xbipin
            last edited by

            mayb Ermal can tell us when it would be completed or mayb if every1 requiring this feature could pitch in some $$ to start a bounty to get it completed asap.

            1 Reply Last reply Reply Quote 0
            • S
              Supermule Banned
              last edited by

              I could be talked into doing that, but then we would have to be very specific to what L7 really is. And what the objectives are….

              1 Reply Last reply Reply Quote 0
              • M
                mxx
                last edited by

                Sorry, but I think blocking torrent and emule, as nice as it is, shouldn't be a very high priority, what you think? ;)

                1 Reply Last reply Reply Quote 0
                • S
                  Supermule Banned
                  last edited by

                  The thing is, that a working L7 could do that easily…Mayby thats why...?

                  1 Reply Last reply Reply Quote 0
                  • X
                    xbipin
                    last edited by

                    specific as in my understanding of L7 packet inspector being something that my ISP uses in this part of the world to block certain protocols and packet patterns used for VoIP and having the ability of mainly blocking p2p applications such as torrents etc that drain all the bandwidth

                    1 Reply Last reply Reply Quote 0
                    • S
                      Supermule Banned
                      last edited by

                      Read more here

                      http://www.webopedia.com/quick_ref/OSI_Layers.asp

                      1 Reply Last reply Reply Quote 0
                      • M
                        mxx
                        last edited by

                        The current Layer7 implementation/functionality pfsense offers -though only useable to block certain protocols- is a really nice feature already .
                        I'm very excited to try it out once it's working properly to block black sheep in the lan from using p2p  ;) though I guess it's quite difficult to completely block this kind of traffic.

                        1 Reply Last reply Reply Quote 0
                        • X
                          xbipin
                          last edited by

                          im aware of the model but personally the only good use i can make of it is to block p2p currently, mayb it can do a lot more but using nanobsd on the alix board, wouldnt it be a bit more heavy duty for hardware muscle this small reducing the throughput?

                          y dont each of use mention what they would want in L7, provided its capable of it, this way the objectives can be more clear.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.