Adding the deep packet inspection to the firewall using NDPI

Continuing the discussion from Road to NS 7 RC:

Wow I love this feature :slight_smile: hope we can get it to work

1 Like

The nDPI feature is ready for testing!

1 Like

It might be a real killer feature, we need to deeply test it! @vhinzsanchez @Nas @matteoarlotti and @quality_team
Please help us to collect every scenarios!

no experience on DPI yet…I’ll try maybe nextweek. I’ll have to reformat my test server.

A good scenario would be a school or non-profit organisation wanting to block certain content for moral or legal reasons.

Test case 1:

installation done without issue
Machine: NS7 beta 2 virtualbox, 2 nics (1x green, 1x red)
installed packages: nsdc, proxy, fileserver, basicfirewall

reboot machine o.k. (a little slower then before, but that doesn’t matter)

[root@ns7test ~]# uname -r

[root@ns7test ~]# lsmod | grep xt_ndpi | head -n1
xt_ndpi 491520 0

[root@ns7test /]# grep ndpi /etc/shorewall/modules
loadmodule xt_ndpi

[root@ns7test /]# grep ndpi /etc/shorewall/shorewall.conf

Test case will follow…


created firewall rule any/any/facebook and any/any/youtube. both worked.
facebook and youtube were blocked. :smiling_imp:

2 Questions:
Is there a list of possible dpi protocols?
How to block a simple url with dpi? Possible?

Test 3: I can’t do. Sorry, no 2nd provider. :blush:



No it’s not, the DPI module works on tcp/udp connections level.


Done! Thanks to all for the testing job! :clap: