A Study on Application Layer Classification for Firewalls Using Regular Expression Matching

Traditional network level firewalls, based on port and IP addresses, are inadequate for dealing with the development of applications and protocols that do not follow the conventions of port services established by IANA (Internet Assigned Numbers Authority). Therefore firewalls capable of accurately classifying and filtering connections based on application information are needed. This paper studies one such firewall using Netfilter/Iptables with the L7-filter packet classifier to perform application layer filtering. This packet classifier uses regular expressions to match applications with a protocol definition database. We analyze a video streaming protocol, the Adobe Real Time Messaging Protocol (RTMP), to produce a protocol definition. Analysis of the performance of the protocol definition and L7-filter usage in general in a simulated network environment shows that this implementation functions well and does not disrupt network performance.