Subject: Re: Which (free) software to do application-level firewalling
To: Joel CARNAT <firstname.lastname@example.org>
From: Stephen Borrill <email@example.com>
Date: 03/04/2006 13:22:13
On Sat, 4 Mar 2006, Joel CARNAT wrote:
> I spend the last two days at "Microsoft Security Days" in Paris while I
> was spammed with "M$ does it", "M$ is great", yadda yadda... When I put
> the commercial aspect away, there ISA server 2004 looks pretty nice.
> To sum up, it is a firewall that can deal with network flow at
> application level (aka ISO layer 7) - that is, it can block data flow if an
> HTTP/SMTP/... command is known to be bad (too long, attack signature, ...).
> My question is, using NetBSD ;), what is the way to validate network flow
> at level7 ?
Not an answer to your question, but I was looking for some way to share
ports between applications selecting the destination app on the basis of
a signature at the start of data. I asked on tech-net@ but the only
suggestion was do it on the basis of source IP address or port range.
For instance, I would like to port share between Apache and OpenVPN on
port 443. There are hacks in Linux to do this. Given that there was no
obvious solution to this, there's probably no easy wasy to do the related
things that you're asking about.