Layer7 interface finished

December 18, 2008

Well, the work is still in progress. Since last time, we have more development done.

The Layer7 shaper interface is finished. No significant changes were made to the interface since the last post. Now we can create rules by simply selecting the protocol, structure and element. The protocol field contains a list of protocols that is built dynamically from the protocol patterns that come by default with the pfSense installation. The structure field allows the user to choose what type of structure will be applied: “action”, “queue” or “limiter”. The behaviour field is filled dynamically according to the structure that was chosen. If the selected structure is “action”, there are only two possible behaviours, “allow” or “block”; if it is “queue”, the possible behaviours are all the altq queues already defined; if it is “limiter”, the possible behaviours are all the dummynet pipes and queues already defined.

Some error situations are handled, such as creating a rule in which the same protocol is chosen more than once.

A new feature that we introduced is the ability to add new protocol patterns.

Add Pattern functionality

There are some patterns that come with a default pfSense installation, but we can add more from the interface. It’s a simple GUI that uploads a protocol pattern file to the right location, but it is very useful if we want to upgrade our system with non-default layer7 patterns. 🙂
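An added example, not code from pfSense or from this post: a Python sketch of the checks an upload handler like this one should make before writing a pattern file to disk. The function names, the size limit, the destination directory and the assumed l7-filter file layout (`#` comment lines, then the protocol name, then the regex, with the name matching the file name) are all assumptions.

```python
import re
from pathlib import Path

# Assumed naming rule for protocols: letters, digits, "_" and "-" only.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")
MAX_BYTES = 64 * 1024  # constructed limit, not a pfSense value

# Constructed sample upload, not a real shipped pattern.
SAMPLE = b"# constructed sample pattern\nhttp\n^get /\n"


class PatternError(ValueError):
    pass


def validate_pattern_upload(upload_name: str, data: bytes) -> str:
    """Return the file name to store under, or raise PatternError."""
    # Reject client-supplied path components instead of silently stripping them.
    if any(c in upload_name for c in ("/", "\\", "\x00")):
        raise PatternError("file name must not contain a path")
    stem, _, ext = upload_name.rpartition(".")
    if ext != "pat" or not NAME_RE.fullmatch(stem):
        raise PatternError("file name must be <protocol>.pat")
    if len(data) > MAX_BYTES or b"\x00" in data:
        raise PatternError("pattern file is too large or not text")
    text = data.decode("utf-8", errors="replace")
    # Assumed layout: first non-comment line is the name, the next is the regex.
    body = [ln.strip() for ln in text.splitlines()]
    body = [ln for ln in body if ln and not ln.startswith("#")]
    if len(body) < 2:
        raise PatternError("expected a protocol name line and a regex line")
    if body[0] != stem:
        raise PatternError("protocol name in the file must match the file name")
    return f"{stem}.pat"


def store_pattern(pattern_dir: Path, upload_name: str, data: bytes) -> Path:
    """Validate, then write only inside pattern_dir (hypothetical location)."""
    safe_name = validate_pattern_upload(upload_name, data)
    dest = (pattern_dir / safe_name).resolve()
    # A pre-existing symlink at dest would resolve outside the directory.
    if dest.parent != pattern_dir.resolve():
        raise PatternError("destination escapes the pattern directory")
    dest.write_bytes(data)
    return dest
```

The regex line is only checked for presence, because l7-filter patterns use their own regex dialect and compiling them with Python's `re` would give misleading results.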

Another option that we introduced is the ability to specify a layer7 rules container when editing the LAN firewall rules. Now we can also tell the filter whether to apply the layer7 rules that we created.

Layer7 Dropbox in Firewall Rules Edit

Some error situations are also handled here: a layer7 rule can only be applied to the TCP, UDP or TCP/UDP protocols.

The next step is to create a wizard to make configuration easier. We have some ideas, but we are still brainstorming. 🙂