Page 1 of 1

Application (Layer 7) Firewall

Posted: Sat Feb 01, 2014 11:57 am
by half12

Given that is possible to upgrade Linux with an Application Layer Firewall so that Firewall rules can be used to block or permit specific types of Applications including for example Microsoft Updates, Bittorrent, HTTP Media traffic (like iPlayer for example).

From a security perspective I would like to identify all the traffic I am happy to permit through the Firewall and therefore block everything else ie Malware Command and Control traffic.

Can technology like l7-filter be incorporated as a Firmware update to all Billion xDSL Routing devices.

A Stateful Inspection Firewall made be sufficient to stop traffic coming from the Internet but it does not provide the level of control to from the LAN to Internet. Aerohive offer an Application Firewall with their APs which are also built on Linux. In order to support an Application Firewall additional code is required to be added the Linux Firewall to give Application control, a code update should be sufficient. There will be a requirement for Application Firewall signature updates but that can be an automated download, or manual download. If you support this request for an Application Firewall or Layer 7 Firewall, please indicate your agreement by replying that you do. If enough people agree then Billion will hopefully listen.

I am planning to replace my router within the next 12 months and L7 visiblity and control is an absolute requirement.

Re: Application (Layer 7) Firewall

Posted: Sat Jan 16, 2016 9:45 am
by wifiuk
put the router in bridge mode and use something like pfsense on another box. safest way if your using firewall correctly.