Re: Packet Inspection

[Kenneth Porter <shiva sewingwitch com>]

--On Monday, January 24, 2005 6:28 PM +0100 Roland Kaeser 
<roli israel-jugendtag ch> wrote:

> I know this would rater belong to the user list but I'm not a subscriber
> of this list so I try to post it here.
> I need a package inspection tool for a very large firewall project. The
> ipt_string functionality does not longer exist in the iptables
> implementation of the kernel 2.6 so I need a other tool which drops all
> packages or communication parts which contains dangerous contents. I've
> searched a lot of websites but I couldn't find anything which reliabley
> implements a such function. Is there somebody which has experiences in
> these field and can advise me? This functionality should been implemented
> on a Fedora 2 machine which stands in the front of the application level
> firewalls to prevent its from traffic which is not productive.

I'd strongly recommend asking on the netfilter list. Red Hat has a policy 
of only adopting kernel features that are part of the upstream core kernel, 
and doesn't include experimental stuff. So you'll probably need to get the 
Fedora kernel source RPM and make a custom build with the additional 
netfilter modules that you need.

I've quoted your whole question for those who might be able to answer once 
they realize you mean IP packets and not RPM packages. I notice a lot of 
people using "package" instead of "packet" and wonder if this 
mistranslation is coming from some particular source? How did you come to 
use the term "package"? Maybe we can go upstream and get the usage 
corrected. (Mind you, I'm a dumb provincial American so I only speak one 
language, and this isn't meant as an insult to those of you smart enough to 
take on English in addition to your native language.)