[PLUG] so-called "next generation" firewalls

Russell Senior russell at personaltelco.net
Thu May 12 20:47:48 UTC 2011


>>>>> "Aaron" == Aaron Burt <aaron at bavariati.org> writes:

Aaron> On Tue, May 10, 2011 at 03:23:03PM -0700, MJang wrote:
>>  I keep reading about "Next generation" firewalls that filter
>> different Web services that go through standard Web ports,
>> e.g. SonicWall, PaloAlto, etc. These are firewalls that enable
>> fine-grained blocking of things like specific Facebook games,
>> without blocking the rest of Facebook, through port 80/443.

Aaron> Normally, it would be called "Deep Packet Inspection", but this
Aaron> sounds like recycled porn-blocker technology.  Simple stuff can
Aaron> be handled with Squid or other proxies, and DansGuardian should
Aaron> be capable of handling more complicated cases.

Aaron> Anyone played with OpenDPI?

The lead OpenWrt developer says that he's planning to include it in
OpenWrt after some cleanups, replacing the l7 filter stuff or
something like that.

DPI isn't going to work though if the payloads are encrypted.


-- 
Russell Senior, President
russell at personaltelco.net


