Grant Taylor wrote:
On 09/25/08 06:18, Brent Clark wrote:
It looks like the filtering is done in user space rather than by
IPTables. I don't know what to think about this. I personally would
be more interested in this if it ran in kernel space and you provided
it the list of blocked sites via /proc or sysctl or the like. But,
if it works, more power to it.
But what I keep having to remind myself is that
iptables is for layer 3/4 operation. But then what does layer 7 control?
Well, it seems to be the way to go; look at other tools like snort
inline. And also what's interesting is that I see some of the BSD lot use
/ recommend this type of filtering (snort2pf).