[Oisf-devel] OPNsense App Detection rules meets trafficid
Muenz, Michael
m.muenz at spam-fetish.org
Thu Apr 5 11:18:16 UTC 2018
Hi list,
within the last months we created a set of rules handling (web)
application detection. [1]
As an input we just need some lines with an application name, group and
the URL. [2]
We put this list over a small script [3] and get per line 3 rules
catching DNS, http and tls_sni.
Now I heard about your trafficid initiative and I love the approach via
yaml!
Sadly it's very hard to add and maintain rules like this esp. when new
input comes from
the community. This is our main goal because time is limited for all of us.
Since we don't want to reinvent the wheel and your way seems a bit more
consistent,
perhaps we can find a way (a wrapper?) to merge both logics?
Happy about any kind of feedback! :)
Best,
Michael
[1] https://github.com/opnsense/rules
[2] https://github.com/opnsense/rules/blob/master/src/social-media.lst#L2-L4
[3] https://github.com/mimugmail/surigen
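
The generation step described in the message (one input line in, three rules out for DNS, http and tls_sni), as an added example that is not part of the original post and is not surigen's code. The comma-separated `name,group,domain` input layout, the SID base, the `msg` text and the classtype are assumptions; each field is validated because community-supplied lines end up inside rule text.

```python
import re

# Constructed sample input; field order and separator are assumptions.
SAMPLE_LST = """\
# name,group,domain
ExampleChat,social-media,chat.example.com
ExampleVideo,streaming,Video.Example.org
bad line without fields
"""

DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
# msg text must not contain '"', ';' or '\', which would alter the rule.
SAFE_TEXT_RE = re.compile(r"^[A-Za-z0-9 ._-]+$")

# One template per rule kind named in the post: DNS, http, tls_sni.
# http_host is normalized to lowercase, so the domain is lowercased first.
TEMPLATES = (
    ("dns", 'dns_query; content:"{d}"; nocase;'),
    ("http", 'content:"{d}"; http_host;'),
    ("tls", 'tls_sni; content:"{d}"; nocase;'),
)

def generate_rules(text, sid_base=1000000):
    """Return (rules, rejected); rejected holds (line number, reason)."""
    rules, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            rejected.append((lineno, "expected 3 fields"))
            continue
        name, group, domain = fields[0], fields[1], fields[2].lower()
        if not (SAFE_TEXT_RE.match(name) and SAFE_TEXT_RE.match(group)):
            rejected.append((lineno, "unsafe characters in name or group"))
            continue
        if not DOMAIN_RE.match(domain):
            rejected.append((lineno, "invalid domain"))
            continue
        for proto, match in TEMPLATES:
            rules.append(
                f'alert {proto} any any -> any any '
                f'(msg:"APP {group} {name} via {proto}"; {match.format(d=domain)} '
                f'classtype:policy-violation; sid:{sid_base + len(rules)}; rev:1;)')
    return rules, rejected

if __name__ == "__main__":
    print("\n".join(generate_rules(SAMPLE_LST)[0]))
```

The `content` matches are substring matches, so a rule for `chat.example.com` also fires on longer host names that contain that string.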