New traffic shaping with layer 7 filter support

Hi guys,

We have just added a new feature to our traffic shaping module: layer 7 filter.

We are using l7 filter to mark network packets based on its content. This is pretty useful for those of you who are in the need of throttling traffic that can use different ports. Shaping p2p traffic is much easier with this new feature.

We are using the kernel space version of l7-filter at the moment. We plan to switch to the user space version in a few months.

This version of l7-filter needs a patched kernel and patched iptables. But don’t worry just follow the steps below if you want to test it:

To install these packages add the following lines to your /etc/apt/sources.list file:

deb ./
deb hardy main

Once you have added the apt sources run:

apt-get update

First of all, we need to install the pactched kernel by running:

sudo apt-get install linux-image-2.6.24-19-l7filter

Now you will have to reboot to be able to use the new kernel.

If you manage to boot with the new kernel, the next step is installing the patched iptables package and ebox-l7-protocols:

sudo apt-get install ebox-l7-protocols iptables

If everything goes ok, you will be able to access and configure eBox through the web interface.

Note that the eBox traffic shaping module is meant to be used when your machine is acting as gateway, and you can shape on internal interfaces for ingress shaping and on external interfaces for egress shaping.

Don’t forget you will have to enable the firewall and add rules to accept traffic from your internal networks to internet.