Continuing the discussion from Road to NS 7 RC:
Wow I love this feature hope we can get it to work
Continuing the discussion from Road to NS 7 RC:
Wow I love this feature hope we can get it to work
The nDPI feature is ready for testing!
It might be a real killer feature, we need to deeply test it! @vhinzsanchez @Nas @matteoarlotti and @quality_team
Please help us to collect every scenarios!
no experience on DPI yet…I’ll try maybe nextweek. I’ll have to reformat my test server.
A good scenario would be a school or non-profit organisation wanting to block certain content for moral or legal reasons.
Test case 1:
installation done without issue
Machine: NS7 beta 2 virtualbox, 2 nics (1x green, 1x red)
installed packages: nsdc, proxy, fileserver, basicfirewall
reboot machine o.k. (a little slower then before, but that doesn’t matter)
[root@ns7test ~]# uname -r
4.4.19-1.el7.elrepo.x86_64
[root@ns7test ~]# lsmod | grep xt_ndpi | head -n1
xt_ndpi 491520 0
[root@ns7test /]# grep ndpi /etc/shorewall/modules
loadmodule xt_ndpi
[root@ns7test /]# grep ndpi /etc/shorewall/shorewall.conf
MODULESDIR=+extra/xt_ndpi
Test case will follow…
created firewall rule any/any/facebook and any/any/youtube. both worked.
facebook and youtube were blocked.
2 Questions:
Is there a list of possible dpi protocols?
How to block a simple url with dpi? Possible?
Test 3: I can’t do. Sorry, no 2nd provider.
Yes:
http://docs.nethserver.org/en/v7b/firewall.html#deep-packet-inspection-dpi
No it’s not, the DPI module works on tcp/udp connections level.
Done! Thanks to all for the testing job!