Application (Layer 7) Firewall

Got a suggestion or want to add something to our future wishlist?
Post Reply
half12
Posts: 6
Joined: Sun Feb 05, 2012 10:30 am

Application (Layer 7) Firewall

Post by half12 »

Hi,

Given that is possible to upgrade Linux with an Application Layer Firewall so that Firewall rules can be used to block or permit specific types of Applications including for example Microsoft Updates, Bittorrent, HTTP Media traffic (like iPlayer for example).

From a security perspective I would like to identify all the traffic I am happy to permit through the Firewall and therefore block everything else ie Malware Command and Control traffic.

Can technology like l7-filter http://l7-filter.clearfoundation.com/ be incorporated as a Firmware update to all Billion xDSL Routing devices.

A Stateful Inspection Firewall made be sufficient to stop traffic coming from the Internet but it does not provide the level of control to from the LAN to Internet. Aerohive offer an Application Firewall with their APs which are also built on Linux. In order to support an Application Firewall additional code is required to be added the Linux Firewall to give Application control, a code update should be sufficient. There will be a requirement for Application Firewall signature updates but that can be an automated download, or manual download. If you support this request for an Application Firewall or Layer 7 Firewall, please indicate your agreement by replying that you do. If enough people agree then Billion will hopefully listen.

I am planning to replace my router within the next 12 months and L7 visiblity and control is an absolute requirement.
wifiuk
Posts: 31
Joined: Thu Aug 09, 2012 1:57 pm

Re: Application (Layer 7) Firewall

Post by wifiuk »

put the router in bridge mode and use something like pfsense on another box. safest way if your using firewall correctly.
Post Reply