regex match in ipfw rule?
Darcy Buskermolen
darcy at wavefire.com
Wed Sep 10 14:51:33 PDT 2003
On Tuesday 09 September 2003 19:43, Don Bowman wrote:
> Has anyone ever considered adding a regular
> expression match type to ipfw? It seems like
> this might be very useful. To be efficient,
> and anchored, I guess it would need to
> be available for both IP and TCP and perhaps
> other protocols (e.g. ip payload, tcp payload).
>
> This could be used to match e.g. code-red style
> worms.
>
> One barrier is that there is not currently regex
> support in the kernel, but pcre could probably be
> compiled for it.
You may want to look at hogwash, it uses the same packet analysis engine as
used by snort, this may do what you are after. I believe that it will also
let you handle things like frag reassembly etc.
--
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx: 250.763.1759
http://www.wavefire.com