l7-filter

From Wikipedia, the free encyclopedia

l7-filter is a classifier for Linux's Netfilter subsystem that identifies packets based on application layer data. The major goal of this is to make possible the identification of peer to peer programs, which use unpredictable port numbers. It is implemented as a kernel module in Linux 2.4 and 2.6. An experimental version was released in December 2006 which runs as a user-space program.

l7-filter uses regular expressions to identify the network protocol. This technique, used in conjunction with a QoS system, allows port-independent traffic shaping.

All versions of l7-filter have been released under the GNU General Public License.

[edit] External links

• l7-filter's website
• A wiki with a lot of l7-filter information