Can not delete newly uploaded L7 protocol patterns



  • Hi, I have tried to upload a new pattern to block/limit YouTube video (I have successfully done the pattern on MikroTik RouterOS). But, unfortunately, I uploaded it twice under different file names via the GUI upload (Firewall --> Traffic Shaper --> Layer7).

    Now I want to delete one of them, so I accessed the box via SSH, went to /usr/local/share/protocols/ and deleted the .pat file that I wanted.

    So, now here is the problem. Any time I come back to the GUI on Layer 7, the .pat file that I had deleted just comes back... I believe it is a bug...

    Can anyone confirm?

    Thanks
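To find the double upload the original poster describes (the same pattern stored under two different file names), here is an added shell example; it is not code from the thread or from pfSense. It assumes the l7-filter pattern-file layout (comment lines starting with #, then the protocol name, then the regular expression on the next non-comment line), hashes the regex of every .pat file in a directory and groups files whose regex is identical. The sample .pat files it creates are constructed for the demo and are not real signatures; the directory defaults to the path from the post.

```shell
#!/bin/sh
# Added example (not from the thread or pfSense): find .pat files in an
# L7 protocol directory that carry the same regex under different names.

# Print "<name>\t<regex>\t" for one l7-filter style .pat file: comment
# lines start with '#', the first non-comment line is the protocol name,
# the second is the regular expression (assumed layout).
pat_fields() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' \
        | head -n 2 | tr '\n' '\t'
}

# List groups of .pat files whose regex is identical. One group per
# output line: "<regex checksum>: <file> <file> ...". Files with a unique
# regex are not printed.
find_duplicate_pats() {
    dir="${1:-/usr/local/share/protocols}"
    for f in "$dir"/*.pat; do
        [ -f "$f" ] || continue
        regex=$(pat_fields "$f" | cut -f2)
        hash=$(printf '%s' "$regex" | cksum | cut -d' ' -f1)
        printf '%s %s\n' "$hash" "$f"
    done | sort | awk '
        { files[$1] = files[$1] " " $2; n[$1]++ }
        END { for (h in n) if (n[h] > 1) print h ":" files[h] }'
}

# Build a throwaway directory with constructed sample patterns: the same
# (made-up) regex uploaded twice under two names, plus one unrelated file.
# Prints the directory path.
make_sample_dir() {
    d=$(mktemp -d)
    printf '# constructed sample, not a real signature\nyoutube\n^(get|post) .*youtube\\.com\n' > "$d/youtube.pat"
    printf '# constructed sample, second upload of the same pattern\nyoutube_v2\n^(get|post) .*youtube\\.com\n' > "$d/youtube2.pat"
    printf '# constructed sample, different regex\nbittorrent\n^\\x13bittorrent protocol\n' > "$d/bittorrent.pat"
    printf '%s\n' "$d"
}

# Stand-alone run: only the two youtube files should be reported.
sample=$(make_sample_dir)
find_duplicate_pats "$sample"
rm -rf "$sample"
```

Run it against the real directory with `find_duplicate_pats /usr/local/share/protocols` once the functions are sourced; it only reads the files, so deciding which of the two to remove stays a manual step.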



  • The Layer 7 code is badly broken in pfSense 2.2.x, as the daemon used doesn't work properly on FreeBSD 10. Layer 7 support has been completely removed from pfSense 2.3 because it was so badly broken. To that end, there is really no point reporting Layer 7 related bugs.



  • Ahh… Thank you. It is really clear and good to know...



  • Any hope of the L7 issue being fixed in future, or is it permanently removed?



  • @Merchant:

    Any hope of the L7 issue being fixed in future, or is it permanently removed?

    Layer 7 cannot be brought back unless someone fixes ipfw-classifyd for FreeBSD 10 or an entirely new approach to Layer 7 classification emerges. If I found the correct source code repository, ipfw-classifyd seems to have been abandoned by its original developers.

    Whilst Layer 7 classification was a nice to have feature, I have my doubts that it is sufficiently important for the pfSense team to devote any attention to fixing it. Many people will already have got used to Layer 7 support not working correctly in pfSense 2.2.x, so will have stopped attempting to use it.

    It is, I think, almost certain that pfSense 2.3 will be released with Layer 7 support in its current state - there is no Layer 7 support and all Layer 7 related configuration is removed from your configuration file when it is upgraded.



  • I think this is really sad…

    Barracuda Firewalls can detect specific traffic based on pre-defined categories and block it or lower the priority for HTTPS encrypted traffic (Facebook, YouTube, Windows updates etc.). This is such a great feature and I would love to see it on pfSense...
    Also it shows the active applications live!

    This is really a big (but almost the only) advantage over pfSense.






  • @Valex:

    I think this is really sad…

    Barracuda Firewalls can detect specific traffic based on pre-defined categories and block it or lower the priority for HTTPS encrypted traffic (Facebook, YouTube, Windows updates etc.). This is such a great feature and I would love to see it on pfSense...
    Also it shows the active applications live!

    This is really a big (but almost the only) advantage over pfSense.

    By using hostname aliases, can you not accomplish the same thing in pfSense?

    I doubt that Barracuda uses L7 to recognize Bing vs Windows Update (etc, etc) because encryption hides most information at the application layer. They most likely match traffic based on ports & hostnames.


  • Rebel Alliance Developer Netgate

    For L7 blocking, look at snort's appid features.



  • Hi

    I also find the removal of L7 a bit sad. Snort's OpenAppID feature is nice, as long as you want to block traffic, but what if you want to use L7 to send specific traffic types to a traffic shaper queue? Then OpenAppID won't work.

    One idea might be to replace ipfw-classifyd with something like nDPI (http://www.ntop.org/products/deep-packet-inspection/ndpi/). It's open source and has the advantage of being able to inspect SSL encrypted traffic as well. I've already created a feature request for it - https://redmine.pfsense.org/issues/5813