On 10/25/2012 12:53 AM, Ed W wrote:
The practical upshot is that you can do stuff like:
iptables -I FORWARD -m opendpi --WinUpdate -j LOG
or
iptables -I FORWARD -m opendpi --skype -j REJECT
In theory you can also filter Facebook, Twitter, etc, but I concede that
doesn't seem to work as expected right now...
Another of the clever things that nDPI does is to try and classify SSL
traffic by examining the name on the cert. A technique that seems
likely to allow crude identification of significant traffic.
We could benefit from more eyes on this, both the netfilter module and
the nDPI library
Thanks for your feedback
Ed W
I tried the new version which is suppose to work with:
iptables -m ndpi --help
but it seems like there is an error:
iptables v1.4.12.1: Couldn't load match `ndpi':No such file or directory
but work with opendpi.
I am using kernel 3.3.8 64 bit.
did you tested the new changes to work?
for now I cant restart the server and I was hoping to test it without
doing it.
Thanks,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
