
Re: Packet Inspection



--On Monday, January 24, 2005 6:28 PM +0100 Roland Kaeser <roli israel-jugendtag ch> wrote:

I know this would rather belong to the user list but I'm not a subscriber
of this list so I try to post it here.
I need a package inspection tool for a very large firewall project. The
ipt_string functionality no longer exists in the iptables
implementation of the kernel 2.6 so I need another tool which drops all
packages or communication parts which contain dangerous contents. I've
searched a lot of websites but I couldn't find anything which reliably
implements such a function. Is there somebody who has experience in
this field and can advise me? This functionality should be implemented
on a Fedora 2 machine which stands in front of the application level
firewalls to prevent them from traffic which is not productive.

I'd strongly recommend asking on the netfilter list. Red Hat has a policy of only adopting kernel features that are part of the upstream core kernel, and doesn't include experimental stuff. So you'll probably need to get the Fedora kernel source RPM and make a custom build with the additional netfilter modules that you need.


I've quoted your whole question for those who might be able to answer once they realize you mean IP packets and not RPM packages. I notice a lot of people using "package" instead of "packet" and wonder if this mistranslation is coming from some particular source? How did you come to use the term "package"? Maybe we can go upstream and get the usage corrected. (Mind you, I'm a dumb provincial American so I only speak one language, and this isn't meant as an insult to those of you smart enough to take on English in addition to your native language.)

