What Was L7-filter?
L7-filter was a first generation classifier for Linux's Netfilter that identified packets based on application layer data. It could classify packets as Kazaa, HTTP, Jabber, Citrix, BitTorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complemented existing classifiers that match on IP address, port numbers and so on. l7-filter was typically used in conjunction with Linux QoS to do bandwidth arbitration ("packet shaping") or traffic accounting.
Next Generation DPI: Netifyd
ClearFoundation - the makers of ClearOS - took on the maintenance of the software in 2009. However, as more Internet traffic migrated to encrypted protocols like HTTPS, IMAPS, encrypted BitTorrent, etc. l7-filter became less effective. In 2017, with the spirit of l7-filter still alive, the last project maintainer created Netifyd - a next generation open source DPI engine.
A Moment in Deep Packet Inspection History
The following information is maintained for historical purposes.
Credits
The original coders were Justin Levandoski, Ethan Sommer, and Matthew Strait, with support from Sebastian Celis, Andy Exley, Lillie Kittredge and Darryl Sokoloski. l7-filter would not have been possible without the help from the community. Here is the full list of thank yous.
Archived News
- December 3, 2017 - Netify kick-off - a next generation l7-filter.
- October 8, 2013 - netfilter-layer7 2.23 has been released.
- January 25, 2011 - l7-filter userspace 0.12-beta1 has been released.
- July 21, 2010 - ClearOS Enterprise 5.2 has been released, l7-filter testing begins.
Documentation
- L7-Filter Technical Overview
- Netfilter: The official documentation - highly recommended.
- Linux Advanced Routing & Traffic Control HOWTO - this is the best attempt we have found to explain the mysteries of Linux QoS.
- Designing and Implementing Linux Firewalls and QoS.