North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: QoS for ADSL customers

  • From: william(at)
  • Date: Tue Dec 06 12:05:16 2005

On Tue, 6 Dec 2005, Ejay Hire wrote:

There are quite a few modules for iptables that will reach
up to Layer 7, including several specifically for file
sharing applications...

And one really nifty one that makes non-passive ftp work
through NAT.
These are "action" modules - they receive the data when it matches
particular netfilter rules and then do something in place where you
could have accept or reject. But for L7 filtering you need module
that can be used in place of "source" or "destination" rules. Yes
it is possible to build those with linux (like ipset - see - its pretty cool), but I've not seen ones for
L7 classification - at least not public open source ...

The place to find more about iptable is
For iptables it is (this one you
need only if you're building custom linux bridge).

William Leibzon
Elan Networks
[email protected]