[Oisf-devel] OPNsense App Detection rules meets trafficid

Muenz, Michael m.muenz at spam-fetish.org
Thu Apr 5 11:18:16 UTC 2018

Hi list,

Within the last few months we created a set of rules handling (web)
application detection. [1]
As input we just need some lines with an application name, group and
the URL. [2]
We run this list through a small script [3] and get 3 rules per line,
catching DNS, HTTP and tls_sni.

Now I heard about your trafficid initiative and I love the approach via 

Sadly it's very hard to add and maintain rules like this, especially
when new input comes from the community. This is our main goal because
time is limited for all of us.

Since we don't want to reinvent the wheel and your way seems a bit more 
perhaps we can find a way (a wrapper?) to merge both logics?

Happy about any kind of feedback! :)


[1] https://github.com/opnsense/rules
[2] https://github.com/opnsense/rules/blob/master/src/social-media.lst#L2-L4
[3] https://github.com/mimugmail/surigen
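
As an added illustration of the list-to-rules approach described in the message above (not part of the original post and not the surigen code): a generator that turns each input line into one DNS, one HTTP and one TLS SNI rule. The `name,group,domain` line layout, the `APP-DETECT` message prefix and the starting SID are assumptions.

```python
import re

# Constructed sample input. The "name,group,domain" layout is an assumption,
# not the real format of the OPNsense .lst files.
SAMPLE = """\
ExampleChat,social-media,Chat.Example.com
ExampleVideo,streaming,video.example.net
Broken,social-media,bad";sid:1
ExampleChat2,social-media,chat.example.com
"""

SAFE = re.compile(r"^[A-Za-z0-9 ._-]+$")  # keeps ; and " out of msg
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# One template per protocol. Suricata normalizes the http_host buffer to
# lowercase, so the domain is lowercased and nocase is left off there.
TEMPLATES = [
    ("dns", 'dns_query; content:"{d}"; nocase;'),
    ("http", 'content:"{d}"; http_host;'),
    ("tls", 'tls_sni; content:"{d}"; nocase;'),
]

def generate_rules(text, base_sid=1000000):  # base_sid is an assumed local SID
    """Return (rules, rejected): three rules per valid line, plus skipped lines."""
    rules, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = [p.strip() for p in raw.split(",")]
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if len(parts) != 3:
            rejected.append((lineno, "expected 3 fields"))
            continue
        name, group, domain = parts[0], parts[1], parts[2].lower()
        if not (SAFE.match(name) and SAFE.match(group) and HOSTNAME.match(domain)):
            rejected.append((lineno, "invalid field"))
            continue
        if domain in seen:
            rejected.append((lineno, "duplicate domain"))
            continue
        seen.add(domain)
        for proto, match in TEMPLATES:
            rules.append(
                f'alert {proto} any any -> any any (msg:"APP-DETECT {group} {name} via {proto}"; '
                f"{match.format(d=domain)} sid:{base_sid + len(rules)}; rev:1;)"
            )
    return rules, rejected

if __name__ == "__main__":
    out, bad = generate_rules(SAMPLE)
    print("\n".join(out), "\nrejected:", bad)
```

`content` is a substring match, so a longer hostname that embeds the listed domain also triggers these rules.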
