How do I make a better layer7 implementation?

I noticed that when I put the regexp in my RouterBOARD, the CPU load increases.

I want to know how to create preclassified connections, and I want layer 7 to be executed only on those connections.

My idea is to make the work lighter for the CPU.

Example: a policeman only stops trucks to inspect the container. The small cars can go free; the policeman only looks at the trucks for inspection.

Excuse me for my English.

Why do you specifically need to use layer7 rules? What kinds of traffic do you need to filter?


To improve performance, I suggest placing L7 rules near the end, so that all other traffic is already accepted or dropped, and only the rest gets searched for your L7 patterns.
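
The pre-classification asked about in the first post, combined with the rule ordering suggested in the reply above, written out as a RouterOS configuration. This is an added example, not part of the original thread. It assumes the traffic to inspect is TCP port 80; the names `l7-sample`, `l7-candidate` and `l7-matched`, the placeholder regexp and the final drop action are all hypothetical.

```routeros
# Added example; names, port and pattern are assumptions, not from the thread.

/ip firewall layer7-protocol
# Placeholder pattern: replace with the regexp you actually need.
add name=l7-sample regexp="^placeholder-pattern"

/ip firewall mangle
# Step 1: cheap pre-classification ("only stop the trucks").
# Match on protocol/port and connection state only, no regexp involved.
# Everything that does not match this rule never reaches the L7 matcher.
add chain=prerouting protocol=tcp dst-port=80 connection-state=new \
    action=mark-connection new-connection-mark=l7-candidate passthrough=yes \
    comment="pre-classify candidate connections"

# Step 2: run the regexp only on pre-classified connections, and only
# while the connection is still young. The L7 matcher looks at the first
# 10 packets / 2 KB of a connection, so packets beyond that are skipped
# here by connection-bytes instead of being handed to the matcher.
add chain=prerouting connection-mark=l7-candidate connection-bytes=0-2048 \
    layer7-protocol=l7-sample \
    action=mark-connection new-connection-mark=l7-matched passthrough=no \
    comment="L7 inspection on candidates only"

/ip firewall filter
# Step 3: act on the cheap connection mark, placed near the end of the
# chain after the ordinary accept/drop rules. Drop is an assumed action.
add chain=forward connection-mark=l7-matched action=drop \
    comment="act on L7 result via connection mark"
```

Once a connection is re-marked `l7-matched`, later packets are handled by the connection-mark match alone, so the regexp is evaluated at most for the first packets of each candidate connection.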