L 7

What Was L7-filter?

L7-filter was a first generation classifier for Linux's Netfilter that identified packets based on application layer data. It could classify packets as Kazaa, HTTP, Jabber, Citrix, BitTorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complemented existing classifiers that match on IP address, port numbers and so on. l7-filter was typically used in conjunction with Linux QoS to do bandwidth arbitration ("packet shaping") or traffic accounting.

Next Generation DPI: Netifyd

ClearFoundation - the makers of ClearOS - took on the maintenance of the software in 2009. However, as more Internet traffic migrated to encrypted protocols like HTTPS, IMAPS, encrypted BitTorrent, etc. l7-filter became less effective. In 2017, with the spirit of l7-filter still alive, the last project maintainer created Netifyd - a next generation open source DPI engine.

A Moment in Deep Packet Inspection History

The following information is maintained for historical purposes.


The original coders were Justin Levandoski, Ethan Sommer, and Matthew Strait, with support from Sebastian Celis, Andy Exley, Lillie Kittredge and Darryl Sokoloski. l7-filter would not have been possible without the help from the community. Here is the full list of thank yous.


Front-ends that used l7-filter:

Similar Projects

Similar projects:

Archived News

  • December 3, 2017 - Netify kick-off - a next generation l7-filter.
  • October 8, 2013 - netfilter-layer7 2.23 has been released.
  • January 25, 2011 - l7-filter userspace 0.12-beta1 has been released.
  • July 21, 2010 - ClearOS Enterprise 5.2 has been released, l7-filter testing begins.