Firewall tests on ns7b2

I just want to point out to all @quality_team (and of course anyone interested) some great gateway/firewall enhancements to test…

verified (but need to be installed if interested in creating rules with nDPI):

to test:


I hope to find some time on the weekend to test them, for now, installation went fine.

kudos to @dev_team great work! :raised_hands:


So, for testing, only the following packages must be installed?

In nethserver-testing ( http://packages.nethesis.it/nethserver/7.2.1511/testing/x86_64/Packages/?C=M;O=D ):
nethserver-firewall-base-3.0.4-1.41.g662aa08.ns7.noarch.rpm
nethserver-firewall-base-ui-3.0.4-1.41.g662aa08.ns7.noarch.rpm
nethserver-base-3.0.7-1.6.ga7174b0.ns7.noarch.rpm
nethserver-httpd-admin-2.0.2-1.1.ga8abb48.ns7.noarch.rpm

Yes, if you are not interested in testing them with nDPI (that is a really nice feature :sunglasses: ); otherwise install also
nethserver-ndpi-0.0.1-1.7.ge4785fd.ns7.noarch.rpm
kmod-xt_ndpi-0.0-1.ns7.x86_64
kernel-lt-4.4.19-1.el7.elrepo.x86_64


Thank you @dz00te !

To recap (for me :blush:):

For testing all 3 from above (your initial post):

  • nDPI support: deep packet inspection
  • Firewall: time rules
  • Enhance traffic shaping

Must be installed:

nethserver-firewall-base-3.0.4-1.41.g662aa08.ns7.noarch.rpm
nethserver-firewall-base-ui-3.0.4-1.41.g662aa08.ns7.noarch.rpm
nethserver-base-3.0.7-1.6.ga7174b0.ns7.noarch.rpm
nethserver-httpd-admin-2.0.2-1.1.ga8abb48.ns7.noarch.rpm
nethserver-ndpi-0.0.1-1.7.ge4785fd.ns7.noarch.rpm
kmod-xt_ndpi-0.0-1.ns7.x86_64.rpm
kernel-lt-4.4.19-1.el7.elrepo.x86_64.rpm

from here: http://packages.nethesis.it/nethserver/7.2.1511/testing/x86_64/Packages/?C=M;O=D


Tested nDPI already with Facebook and YouTube and it worked. Really great stuff from @giacomo. Congratulations. :clap: :clap: :clap:
For the rest I haven’t had time yet. I was busy testing other things. Hope I’ll find some time next week.


Great job man, thanks for highlighting this stuff! The community has the right to know :stuck_out_tongue:

Hi guys,

cc: @giacomo, @davidep

I have installed all 3 modules, I have rebooted the NS, I have checked DPI and I have created two rules, for FB and for YouTube, as @flatspin wrote here:

Adding the deep packet inspection to the firewall using NDPI

and here:

Adding the deep packet inspection to the firewall using NDPI

Unfortunately, I cannot block the access to Facebook and to YouTube when Web proxy is set to Transparent with SSL (no matter if Block HTTP and HTTPS ports is enabled or disabled).

When Web proxy is set to Transparent (no matter if Block HTTP and HTTPS ports is enabled or disabled), I obtained different messages in different browsers, but nothing that tells me the sites are blocked by the NS firewall and that it is not a network error! I think there should be a message from the NS firewall!

Another thing: The checkbox for “Write to log if this rule matches” is not “Activated”.


Sorry, my bad. I forgot to mention that I only tested in transparent mode. :blush:
And yes, I also got no message. FB and YouTube were just not reachable, without any hint why.
It was more a quick look at this feature than a real test.


I prefer to use Web proxy in Transparent with SSL.
When I saw that the sites were not blocked, I started to test different configurations for Web proxy.
With Web proxy disabled, the sites are blocked.

This is expected normal behavior.
When you use the Transparent SSL proxy, you can block every website/url you desire with the Web content filter blacklist.
From the technical point of view, nDPI inspects traffic that goes through the firewall, but a transparent proxy terminates the client connection at the firewall itself, not letting it through, and creates a new connection from the firewall to the requested web server (i.e., there are two connections, both with the firewall as source or destination, not a single connection traversing the firewall).

We would probably need to document this carefully.

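As an added illustration of the two-connection explanation above (example code, not NethServer's own), a small Python script that classifies `conntrack -L` lines by whether a flow traverses the firewall, ends on it, or starts from it; only traversing flows can ever hit an nDPI match. The firewall addresses, the intercept port and the conntrack lines are constructed for the example.

```python
import re
from ipaddress import ip_address

# Assumed for this example (documentation ranges): the firewall's green and red addresses.
FIREWALL_IPS = {ip_address("192.168.1.1"), ip_address("203.0.113.10")}

_KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_flow(line):
    """Return (original, reply) 4-tuples (src, sport, dst, dport) from a `conntrack -L` line.
    conntrack prints the original direction first and the reply direction second."""
    vals = {"src": [], "dst": [], "sport": [], "dport": []}
    for key, value in _KV.findall(line):
        vals[key].append(value)
    if any(len(v) != 2 for v in vals.values()):
        raise ValueError("expected original and reply tuples in: " + line)
    tuples = []
    for i in (0, 1):
        tuples.append((ip_address(vals["src"][i]), int(vals["sport"][i]),
                       ip_address(vals["dst"][i]), int(vals["dport"][i])))
    return tuples[0], tuples[1]

def classify(original, reply, firewall_ips=FIREWALL_IPS):
    """'traversing' flows cross the firewall and are the only ones an nDPI rule can match.
    A REDIRECT to the proxy keeps the client's intended server in the original tuple, so the
    reply tuple (who actually answers) is what reveals a connection terminated on the firewall."""
    if reply[0] in firewall_ips:
        return "terminated"      # client -> transparent proxy: the firewall answers
    if original[0] in firewall_ips:
        return "originated"      # proxy -> web server: the firewall opened it
    return "traversing"          # client -> web server through the firewall (masqueraded or not)

def ndpi_visible(lines, firewall_ips=FIREWALL_IPS):
    """Original tuples of the flows an nDPI match would see."""
    return [orig for orig, reply in map(parse_flow, lines)
            if classify(orig, reply, firewall_ips) == "traversing"]

# Constructed sample: one client request with the proxy disabled (a single masqueraded flow) ...
NO_PROXY = [
    "tcp 6 431999 ESTABLISHED src=192.168.1.50 dst=198.51.100.20 sport=50123 dport=443 "
    "src=198.51.100.20 dst=203.0.113.10 sport=443 dport=50123 [ASSURED] mark=0 use=1",
]
# ... and the same request with the transparent proxy enabled: two flows, both ending or
# starting on the firewall (3130 is an assumed intercept port, not NethServer's documented one).
TRANSPARENT_PROXY = [
    "tcp 6 431999 ESTABLISHED src=192.168.1.50 dst=198.51.100.20 sport=50124 dport=443 "
    "src=192.168.1.1 dst=192.168.1.50 sport=3130 dport=50124 [ASSURED] mark=0 use=1",
    "tcp 6 431999 ESTABLISHED src=203.0.113.10 dst=198.51.100.20 sport=40001 dport=443 "
    "src=198.51.100.20 dst=203.0.113.10 sport=443 dport=40001 [ASSURED] mark=0 use=1",
]
```

Run against real `conntrack -L` output on the gateway with its own addresses in `FIREWALL_IPS`; an empty result for web flows while the proxy is transparent is exactly the zero-counter behaviour the thread describes.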

Hi @giacomo ,

I remember that a few days ago, when I tested “Enhance traffic shaping” and installed all the rpms from above, in Configuration -> Network, when I “Edit” the red interface, I saw there that I could set the “Bandwidth configuration”, as you mention here: https://github.com/NethServer/dev/issues/5113

I think in the meantime I have rebooted the NS.

Now, I don’t see the “Bandwidth configuration” in Configuration -> Network -> RED Interface -> Edit.


Probably the system installed a new rpm without the patch (a fix released for the Samba part).

Install this one from testing (just released):

  • nethserver-base-3.0.8-1.4.ge256e3b.ns7.noarch.rpm

Thank you @giacomo !
It works!

Gabriel


I am using transparent proxy and have noticed that the counts in the new N7 dpi module screen are always at zero. At first I wondered if I had ndpi configured properly, but I suspect this is normal behavior when using transparent, i.e., the ndpi module never inspects the packets because they are routed to the proxy server/content filter.

The firewall documentation confirms that this is probably true:
“nDPI rules can’t block the http/https traffic if web proxy is enabled in transparent mode.”

It’s a shame to not at least be able to use ndpi to monitor what kind of traffic, which sites, are being most heavily used, but if that’s the way it has to be, the content filtering capability is much more important to me.

I can confirm this: disabling the proxy, you can see your numbers increase.