• If users would like to control traffic using l7-filter, we
provide a list of filter names, descriptions, and their
quality for users to choose from. Users can choose
multiple filters per rule.
• BaCon allows control of multiple services or multiple
applications in one rule. This simplifies rule
management.
• BaCon performs error checking on IP address format,
valid port number range, and valid l7-filter names.
• BaCon works with existing firewall tools because
BaCon sets up a separate iptables chain. The BaCon
chain will be executed before other chains.
• BaCon alerts users to inconsistent and conflicting rules
as described in Section III-C.
• BaCon offers scheduling capability, which allows
flexible control. For example, users can choose to
activate a rule at a certain hour-of-day or on a certain
day-of-week.
• There are three privilege levels for BaCon users:
monitor only, monitor & control, and super user.