I have multiple vm’s and physical machines that I run ZeroShell-16 and on all of them the Layer7 matching through iptables works, even in the QoS portion (which is really in the mangle table POSTROUTING chain).
With ZeroShell 2.0 RC1 Layer7 does not work at all, nowhere. I have noted that in ZeroShell-16 the version of iptables utilized is 1.4.0 while in ZeroShell-2.0 the version is 1.4.13. It is also of note that the kernel version of ZeroShell-16 is 2.6.25 while ZeroShell-2.0 it is 3.4.6.
The announcement of 2.0 RC1 mentions improvements regarding QoS functionality, but does not mention anything at all about Layer7 being completely broken.
Did you test this before you put it together? Is this a problem solely related to userspace Layer7 application? I noted that are questions in this thread relating to Layer7 failures from as far back as Aug 2012 and NO REPLY from you, since this is a fairly significant component of your product can you give some direction?