
Re: pf with any l7 patches or ability?

On Thursday 06 November 2003 17:09, Daniel Hartmeier wrote:
> If someone shows me how to do it correctly, that might even convince me
> to try to implement it in pf. But what I've seen so far were horrible
> kludges in the sense that I can immediately predict a dozen ways it will
> raise false alarms or be easily circumvented by a moderately clever
> tool. What I'd want is a scheme that I myself could trust.
The real point is: what do we need?
Something that binds together a protocol (HTTP) and a port (tcp 80)?
Something that stops an exploit?
Something that chooses what to do by reading application-level data?
(like forwarding streams based on the HTTP Hostname field)
Something that transparently modifies application-level data?
(like removing mail attachments)
Each problem has a solution, but it's not true that the solution to every 
problem is the same ;-)