Listing messages in my inbox, one from the freebsd-net list caught my attention; basically, Mike Makonnen wrote code that can classify application-layer protocols and then attach matching packets to ipfw and dummynet rules:
Quote:
As the name implies it uses ipfw(4) to implement a userland daemon that
classifies TCP and UDP packets according to regular expression patterns
for various protocols. It's intended to be used with divert(4) sockets
and dummynet(4) so you can do traffic shaping depending on the
application level protocol. The protocol patterns are from the l7-filter
project.
Basically, you use ipfw(8) to divert tcp/udp packets to the daemon. It
reads its configuration file for a list of protocols and ipfw(8) rules.
Then, when it detects a matching session it re-injects the packet back
at the specified rule number. The tarball has a sample configuration
file and firewall script to get you started.
First message at the mailing list:
http://lists.freebsd.org/pipermail/f...ly/019086.html
Code with config and firewall example included:
http://people.freebsd.org/~mtm/ipfw-classifyd.tar.bz2
It was said that after thorough testing this might turn into a port, and a pf version might come as well.
At last, something that FreeBSD lacked.
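To make the mechanism in the quoted message concrete, here is an added example (my own, not code from ipfw-classifyd or the l7-filter project) of the classification step such a daemon performs on the packets ipfw diverts to it: keep a small per-session buffer of application-layer payload across the first packets of a TCP or UDP flow, run l7-filter-style regular expressions over it, and once a pattern matches, look up the ipfw rule number that session's packets should be re-injected at. The protocol-to-rule mapping, the rule numbers and the regexes are assumptions constructed for this example (the real ipfw-classifyd configuration format and the actual l7-filter patterns are not shown on the page); the packets are constructed in-line so the code runs offline. On FreeBSD the packets would instead arrive from a divert(4) socket and be written back with sendto(), with the target rule number carried in the port field of the sockaddr as divert(4) describes.

```python
import re
import socket
import struct
from collections import defaultdict

# Assumed protocol -> ipfw rule number to re-inject at (stand-in for the
# daemon's config file; e.g. rule 20000 could be "pipe 1 tcp from any to any").
RULES = {"ssh": 10000, "http": 20000, "bittorrent": 30000}

# Simplified l7-filter-style patterns, constructed for this example. Matched
# case-insensitively against the accumulated payload of a session.
PATTERNS = {
    "ssh": re.compile(rb"^ssh-[12]\.[0-9]", re.I | re.S),
    "http": re.compile(
        rb"^(get|post|head|put|delete|options) [\x09-\x0d -~]* http/1\.[01]\r?\n",
        re.I | re.S),
    "bittorrent": re.compile(rb"^\x13bittorrent protocol", re.I | re.S),
}

MAX_BUFFER = 2048   # stop buffering after the first couple of KB of a session
MAX_PACKETS = 10    # ... or after this many packets without a match


def parse_packet(packet):
    """Parse an IPv4 packet carrying TCP or UDP; return (flow_key, payload).
    The key is direction-independent so both halves of a session share state."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, b""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto, src, dst = packet[9], packet[12:16], packet[16:20]
    l4 = packet[ihl:total_len]
    if proto == 6 and len(l4) >= 20:          # TCP: data offset in header byte 12
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]
    elif proto == 17 and len(l4) >= 8:        # UDP: fixed 8-byte header
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    else:
        return None, b""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a), payload


def build_packet(proto, src, sport, dst, dport, payload):
    """Construct a minimal IPv4 + TCP/UDP packet (checksums zeroed; the
    classifier never verifies them). Used only to make sample input."""
    total = 20 + (20 if proto == 6 else 8) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip + l4 + payload


class Classifier:
    def __init__(self):
        self.flows = defaultdict(lambda: {"buf": b"", "pkts": 0, "proto": None})

    def classify(self, packet):
        """Return (flow_key, protocol, rule) for one diverted packet; protocol
        and rule are None while the session is still undetermined."""
        flow, payload = parse_packet(packet)
        if flow is None:
            return None, None, None
        st = self.flows[flow]
        if st["proto"] is not None:                      # already classified
            return flow, st["proto"], RULES[st["proto"]]
        if st["pkts"] >= MAX_PACKETS or len(st["buf"]) >= MAX_BUFFER:
            return flow, None, None                      # gave up on this flow
        st["pkts"] += 1
        st["buf"] = (st["buf"] + payload)[:MAX_BUFFER]   # match across packets
        for name, rx in PATTERNS.items():
            if rx.search(st["buf"]):
                st["proto"] = name
                return flow, name, RULES[name]
        return flow, None, None


def demo():
    """Feed constructed packets through the classifier; return (proto, rule) per packet."""
    c = Classifier()
    pkts = [
        (6, "10.0.0.1", 40000, "10.0.0.2", 22, b""),                      # SYN, no payload
        (6, "10.0.0.2", 22, "10.0.0.1", 40000, b"SSH-2.0-OpenSSH_7.9\r\n"),  # server banner
        (6, "10.0.0.1", 40000, "10.0.0.2", 22, b"\x00\x01\x02"),          # same session
        (6, "10.0.0.3", 50000, "93.184.216.34", 80, b"GET /index.html HT"),  # split request
        (6, "10.0.0.3", 50000, "93.184.216.34", 80, b"TP/1.1\r\nHost: x\r\n\r\n"),
        (17, "10.0.0.4", 5555, "10.0.0.5", 6666, b"hello"),               # matches nothing
    ]
    return [c.classify(build_packet(*p))[1:] for p in pkts]


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Two points the quoted message implies but does not spell out are visible here: a session is only "detected" once enough payload has arrived (the SYN and the first half of the HTTP request yield nothing, and keep being diverted), and a flow that never matches within the buffer and packet limits is given up on rather than inspected forever, which bounds the per-flow state an attacker can make the daemon hold.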