Firewall and Traffic Shaping using nDPI Deep Packet Inspection

Zeroshell, from the very first release, it has the LAYER 7 filters that allow you to identify network connections regardless of the TCP/UDP ports used, looking instead to the content of the packets. This comes in handy, especially in cases where you want to block, limit or prioritize certain services otherwise difficult to identify as P2P traffic, VoIP connections and more. Unfortunately, the latest update of the L7-filter project goes back several years ago and this is making it unbearable to continue to include it in Zeroshell. However, believing that the Deep Packet Inspection function is inevitable in a Firewall, we are trying to integrate a module of Netfilter based on nDPI libraries, maintained and updated by NTOP developers, who are an extension of the well-known OpenDPI.

Configure DPI Firewall to filter Social Networks
Configure DPI Firewall to filter Social Networks

Protocols recognized by nDPI

Zeroshell uses the version 1.7 of nDPI. Using the command

iptables -mndpi –help

you get the list of recognized protocols and of which, by way of example, we list some:

  • amazon
  • apple
  • apple_icloud
  • apple_itunes
  • bittorrent
  • ciscovpn
  • citrix
  • dhcp
  • dhcpv6
  • dns
  • dropbox
  • ebay
  • edonkey
  • facebook
  • fasttrack
  • gmail
  • google
  • google_maps
  • h323
  • http
  • http_proxy
  • iax
  • instagram
  • kerberos
  • ldap
  • mail_imap
  • mail_imaps
  • mail_pop
  • mail_pops
  • mail_smtp
  • mail_smtps
  • microsoft
  • mms
  • mpeg
  • mysql
  • netbios
  • netflix
  • netflow
  • nfs
  • ntp
  • openvpn
  • oracle
  • pcanywhere
  • pptp
  • quicktime
  • radius
  • rdp
  • realmedia
  • rtsp
  • sip
  • skype
  • smb
  • ssh
  • ssl
  • ssl_no_cert
  • syslog
  • teamviewer
  • telegram
  • telnet
  • tftp
  • tor
  • twitter
  • ubuntuone
  • upnp
  • viber
  • vmware
  • vnc
  • whatsapp
  • whatsapp_voice
  • wikipedia
  • windows_update
  • winmx
  • xbox
  • xdmcp
  • yahoo
  • youtube

 

The nDPI classification of the network traffic can used not only in the firewall section , but also for control the bandwidth using the QoS and Traffic Shaping module. In the image below you can see how to reduce the bandwith assigned to the Windows Update just using Network Packet Inspection to select the protocol without using TCP port

Reduce the Bandwidth of Windows Updates Traffic
Reduce the Bandwidth of Windows Update Traffic