l7-filter: Similar But Different
At a high level, the netifyd software can be used to replace the functionality of l7-filter. However, the implementation is done quite differently In order to take advantage of more advanced network processing in the open source nDPI library.
- Which devices are consuming the most bandwidth
- Identify top mobile apps in use on the network
- Geolocation reports
With l7-filter, packets were marked with user-specified numbers in netfilter/iptables. For example, let’s say an administrator wanted to force all DNS and SMTP traffic through a local server on the network, and block all DNS and SMTP traffic to external servers on the Internet. The administrator’s /etc/l7-filter.conf would look something like:
dns 3 smtp 4
The administrator would then configure the iptables firewall rules to block or shape traffic using the mark number. l7-filter would put itself right in the middle of traffic flow in order to mark packets.
- Provides deep packet inspection powered by the open source nDPI engine
- Detects over 160 protocols
- Provides hooks for firewalling
- Provides hooks for bandwidth and QoS
- Generates network report data for Netify (optional)
- Provides a small footprint for use in embedded systems
- Implements network flow analysis