* DPI and set's of users.
@ 2012-10-03 11:04 Eliezer Croitoru
2012-10-05 17:32 ` Ed W
0 siblings, 1 reply; 3+ messages in thread
From: Eliezer Croitoru @ 2012-10-03 11:04 UTC (permalink / raw)
To: netfilter
I managed to use opendpi for Deep packets inspection and it seems to be
more suitable then other layer 7 DPI solutions.
I have 9 categories of connections such as p2p messenger etc and I have
ip addresses of users that can or cant use the service.
basically the rule is to block service unless I allow the specific IP.
but there is a big list of IP addresses and I need to update them on 6
machines when I change anything and needs to be effecting immediately.
what is the best tool to manage big lists of IP's and to match them to a
rule?
it seems to me the best choice is ipset ? but I didnt understood how to
use it?
Thanks,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: DPI and set's of users.
2012-10-03 11:04 DPI and set's of users Eliezer Croitoru
@ 2012-10-05 17:32 ` Ed W
2012-10-08 19:08 ` Eliezer Croitoru
0 siblings, 1 reply; 3+ messages in thread
From: Ed W @ 2012-10-05 17:32 UTC (permalink / raw)
To: Eliezer Croitoru; +Cc: netfilter
On 03/10/2012 12:04, Eliezer Croitoru wrote:
> I managed to use opendpi for Deep packets inspection and it seems to
> be more suitable then other layer 7 DPI solutions.
Can you please test my fork of opendpi-netfilter for nDPI (the ntop fork
of opendpi)
https://github.com/ewildgoose/ndpi-netfilter
You need svn nDPI from here:
http://www.ntop.org/get-started/download/
It may support more protocols... it may crash a lot...
Good luck
Ed W
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: DPI and set's of users.
2012-10-05 17:32 ` Ed W
@ 2012-10-08 19:08 ` Eliezer Croitoru
0 siblings, 0 replies; 3+ messages in thread
From: Eliezer Croitoru @ 2012-10-08 19:08 UTC (permalink / raw)
To: Ed W; +Cc: netfilter
On 10/5/2012 7:32 PM, Ed W wrote:
> On 03/10/2012 12:04, Eliezer Croitoru wrote:
>> I managed to use opendpi for Deep packets inspection and it seems to
>> be more suitable then other layer 7 DPI solutions.
>
> Can you please test my fork of opendpi-netfilter for nDPI (the ntop fork
> of opendpi)
> https://github.com/ewildgoose/ndpi-netfilter
>
> You need svn nDPI from here:
> http://www.ntop.org/get-started/download/
>
> It may support more protocols... it may crash a lot...
>
> Good luck
>
> Ed W
Nice.
Thanks for the info.
If you would change the module canonical name from opendpi to another
that will fit the ndpi it will be less of a problem in a case that it's
buggy( I can revert instead of a lot of trouble).
Thanks,
Eliezer
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-10-08 19:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-10-03 11:04 DPI and set's of users Eliezer Croitoru
2012-10-05 17:32 ` Ed W
2012-10-08 19:08 ` Eliezer Croitoru
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).