Implementation so far…

We are still doing some tests with ipfw-classifyd and pf. This is not an easy task as we’ve been finding some dificulties along the way.

In the mean time, we are also already working on the code base to integrate the layer 7 capabilities in pfSense. For now, I would say that the core code base is in pretty advanced form already, at least the part responsible for the creation of ipfw-classifyd configuration files. Essentially, this part of the code is responsible for storing what we call “layer 7 rules containers” in the $config array and ultimately generating the ipfw-classifyd config file for each of the “layer 7 rules container”. A rules container works like an alias and, for example, it can take the following shape:

http = action pass
bittorrent = action block
pop3 = dnpipe 1
sip = queue voIP

But as stuff in the ipfw-classifyd is still being tested we are not sure if this is going to be the final version of things. A “layer 7 rules container” also has a divert port automatically assigned to it in the 40000-60000 range. The idea is that someone might assign this container to a rule in the “Firewall -> Rules” section, like you assign, for example, a queue. How is this going to be exposed to the user has not yet been completely decided, but we are working on it.

The graphical interface for the creation of these so called “layer 7 rules container” is already being built. It’s taking us sometime since our html and javascript coding capabilities are a little rusty, but we are already improving our skills šŸ™‚ This is being made in a way such that it will integrate seamlessly with the other shaper tabs.

As said before, we are still deciding on how to integrate thing on firewall_rules_edit.php and However this does not seem to be difficult once we decide the road to take and how to expose this new option.

We expect to post more on the ipfw-classifyd tests we are doing as soon as we finish them.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: