Application layer filtering. ??$$??



  • I'm not sure if this should be a new bounty or if it should be a feature request for the new traffic shaper so I'm just going to post it here.

    Lately, I've been working on configuring the traffic shaper on my 1.2 box and have found it very difficult to create rules to catch certain types of traffic (streaming video, music, P2P traffic, torrent traffic, etc) and then assign that traffic to the correct queue in the traffic shaper.  I see there is a Linux project called L7 filter http://l7-filter.sourceforge.net that looks like it would work great for this kind of filtering; unfortunately it’s based on Linux instead of BSD.  Is there any devs out there that would like to take up a project like this?

    Also, I haven't assigned a $ amount to this bounty because I'm not sure what a bounty like this would be worth.  So I am looking for some input from the community on how much $$ I should set this bounty at?

    Thanks.



  • Well can you state your pledge first and i will tell you if it is reasonable for this kind of task.



  • The most I can pledge at this time is #100.  I was hoping some other people would also find this feature useful and pledge some money towards the bounty.



  • Feel free to move this post to a new bounty if you wish.
    You can filter things like skype (signature based application level - I believe) with snort. Snort used to be part of the packages in pfsense.
    I'm offering $25.00 to bring snort back.
    Here's a howto block skype with pfsense and snort.

    http://www.carbonwind.net/Firewalls/BlockingSkypewithPfsenseandSnort/BlockingSkypewithPfsenseandSnort.htm

    Of course this howto is useless now since snort was pulled out of the packages with pfsense 1.2  :'(
    I'm sure there's a few who would like to snort come back instead of having to run yet another appliance.
    Just my $0.02 of course.



  • There is an application level filering present in 1.3 builds it just is missing the GUI.


Locked