Custom Protocols

From Wiki of WFilter NG Firewall
Jump to: navigation, search


Contents

1 Protocols

You can customize protocols and application in this module. Protocols can be blocked by App Control and reported in Reports.

Screenshots:

Protocols01.png

Protocols02.png

Settings:

  • Type:
    • TCP SEND, match TCP outgoing packets.
    • TCP RECV, match TCP incoming packets.
    • TCP ALL, match TCP outgoing & incoming packets.
    • UDP SEND, match UDP outgoing packets.
    • UDP RECV, match UDP incoming packets.
    • UDP ALL, match UDP outgoing & incoming packets.
    • HTTP SEND, match HTTP request headers.
    • HTTP RECV, match HTTP response headers.
    • TLS, match TLS domains.
  • Offset: start matching position.
  • Format:
    • Regular expression: matching packet content against a regular expression.
    • Fixed port: matching a fixed remote port.
  • Local Ports: matching local ports, allow comma separated list of port ranges, eg:"100-200,201,300-400".
  • Remote Ports: matching remote ports, allow comma separated list of port ranges, eg:"100-200,201,300-400".
  • Packet Length: matching packet length, allow comma separated list of length ranges, eg:"100-200,201,300-400".

2 Examples

2.1 Regular Expression

Take "HTTP" as an example, HTTP is matched against a regular expression as "^(GET|CONNECT|HEAD|OPTIONS|PUT)\s.*HTTP":

Protocols http.png

2.2 Fixed Port

Take "FTP" as an example, FTP runs on a fixed port 21, so we make a fixed port pattern:

Protocols ftp.png

Retrieved from "http://wiki.wfilterngf.com/index.php?title=Protocols&oldid=1102"
Personal tools
Namespaces

Variants
Actions
Navigation
Tools