From: william fitzgerald <wfitzgerald@tssg.org>
To: netfilter@vger.kernel.org
Subject: Query: Can Netfilter inspect xml soap traffic
Date: Tue, 25 Mar 2008 15:01:10 +0000
Message-ID: <47E913B6.4080004@tssg.org>

Dear Netfilter Experts,
Can Netfilter/iptables inspect XML/SOAP messages as XML-based firewalls do?
Does the Layer-7 module have enough "smarts" to inspect web service
messages?
I am asking in regard to the role of Network Access Control firewalls
such as iptables within a dedicated enterprise web service SOA environment.
I have seen some posts that suggest that firewalls are now obsolete,
particularly NACs, in regard to web services (everything is over HTTP,
hence less effective restrictions).
However, my opinion is that it's not as simple as opening ports 80 and
443 to tunnel SOAP messages.
For example, I may want to restrict IP ranges, maybe I have some
business partners and I only want them accessing the web service. Or
maybe I need to control DoS attacks to web services.
I think if iptables also has the ability to deep packet inspect XML
messages, it then demonstrates that there is still an importance for NAC
based firewalls.
All pointers to documentation and your comments are welcome.
I look forward to your support,
regards,
Will.
--
William M. Fitzgerald,
PhD Student,
Telecommunications Software & Systems Group,
ArcLabs Research and Innovation Centre,
Waterford Institute of Technology,
WIT West Campus,
Carriganore,
Waterford.
Office Ph: +353 51 302937
Mobile Ph: +353 87 9527083
Web: www.williamfitzgerald.org
www.linkedin.com/in/williamfitzgerald
www.ryze.com/go/wfitzgerald