On Fri, Aug 3, 2018 at 11:03 AM, Oleg <lego12239@xxxxxxxxx> wrote: > On Fri, Aug 03, 2018 at 01:21:05AM +0430, Saber Rezvani wrote: >> On 08/03/2018 12:14 AM, Oleg wrote: >> > On Thu, Aug 02, 2018 at 06:44:26PM +0430, Saber Rezvani wrote: >> >> Dear all, >> >> >> >> >> >> Some of my friends and I have decided to work on Linux community, and >> >> add a new feature to the networking subsystem. We have concluded that >> >> URL filtering with IP/NF tables may be a good feature if we can >> >> implement it in Linux networking subsystem. Because through our research >> >> we found out with the current IP/NF tables since that payload is spread >> >> through several packets, it is not possible. Hi! I believe that this is a very feasible feature, at least for header filtering. In fact, iptables has already a string match that could be used for this purpose. Hopefully, this ability will be available for nft soon. >> > Do you think this feature will be useful now? For example, filtering uri in >> > https isn't possible and http using is decreasing now. There are some components in the kernel to decrypt HTTPS, so software-based ssl offload in the kernel is coming. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
