Layer 7

From pfSense Documentation
Jump to: navigation, search

Layer 7 filtering or shaping is identifying traffic at layer 7 (Application Layer) of the OSI model. The latest Snort package versions now include Application ID detection using Sourcefire OpenAppID Detectors. OpenAppID is an application-layer network security plugin for the open source intrusion detection system Snort. Learn more about it here.

How to set up Snort package and Application ID detection .

In previous versions pfSense used to contain a Layer 7 classifier, ipfw-classifyd, but it has been removed. It was non-functional on pfSense 2.2.x and removed entirely from pfSense 2.3 onward because it was not feasible to fix. L7 classification consumed large amounts of CPU and rarely had the intended effect, and it was a rarely used feature even when it did function. Today we recommend using Application ID feature from Snort package instead.

From Wikipedia:

Layer 7: Application Layer The application layer is the OSI layer closest to the end user, which means both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Such application programs fall outside the scope of the OSI model. Application-layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. The most important distinction in the application layer is the distinction between the application-entity and the application. For example, a reservation website might have two application-entities: one using HTTP to communicate with its users, and one for a remote database protocol to record reservations. Neither of these protocols have anything to do with reservations. That logic is in the application itself. The application layer per se has no means to determine the availability of resources in the network.