February 02, 2005
Application Layer Data Filtering with NetFilter

Dana pointed this out to me.... Application Layer Packet Classifier for Linux.
This is a classifier for the Linux kernel's Netfilter subsystem that identifies packets based on application layer data (OSI layer 7). This means that it can classify packets as HTTP, FTP, Gnucleus, eDonkey2000, etc, regardless of port. Our classifier complements existing ones that match on address, port numbers and so on.
Basically this means your firewall can be told to, say, block HTTP traffic into the network, and it'll work regardless of whether some clever employee has set up a web server on port 8080 or 31337. One caveat: it can only match what it can read, so HTTP wrapped in SSL/TLS doesn't look like HTTP on the wire, and an https connection on any port won't trip an http rule. Wonder how slow it is, though; doing regex matching on application layer data doesn't scream "speed" to me :) Of course, with today's bandwidth and computer speed....
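To make the port-independence point concrete, here is a small userspace simulation of what the classifier does, written for this post and not taken from l7-filter itself. The patterns, the inspection budget (ten packets / 2 KB, chosen to resemble the module's configurable defaults) and the sample connections are all constructed assumptions; the real project's signatures are longer and more careful. It shows the same request being classified as http on 8080 and 31337, an FTP banner on 2121, a TLS handshake on 443 that an http pattern cannot see into, and a flow where the protocol text shows up too late to be inspected at all.

```python
import re

# Constructed, simplified signatures in the spirit of l7-filter's .pat files.
# They are assumptions for illustration, not the project's real patterns.
# Like l7-filter, matching is case-insensitive and runs over the reassembled
# start of the connection; the http pattern is unanchored, which is also why
# this kind of classifier can misfire on transfers that contain protocol text.
PATTERNS = {
    "http": re.compile(rb"(get|post|head|put|delete|options) [^\r\n]* http/1\.[01]\r\n", re.I),
    "ftp":  re.compile(rb"^220[ -][^\r\n]*\r\n", re.I),
    "ssh":  re.compile(rb"^ssh-[12]\.[0-9]", re.I),
}

# Only the first few packets / first couple of KB of each connection are
# inspected; after that the classifier gives up. That bound, not regex
# speed, is what keeps per-packet cost acceptable: an established connection
# is never re-inspected. (Values are assumptions resembling l7-filter's.)
MAX_PACKETS = 10
MAX_BYTES = 2048


def classify(payloads, max_packets=MAX_PACKETS, max_bytes=MAX_BYTES):
    """Classify one connection from its payloads in arrival order.

    Returns the matching protocol name, or "unknown" once the inspection
    budget is exhausted without a match. The port is deliberately not an
    input: classification is by content only.
    """
    buf = b""
    for i, payload in enumerate(payloads):
        if i >= max_packets or len(buf) >= max_bytes:
            break
        buf = (buf + payload)[:max_bytes]
        for name, pattern in PATTERNS.items():
            if pattern.search(buf):
                return name
    return "unknown"


def port_guess(dst_port):
    """What a classic port-based rule would conclude about the same flow."""
    return {80: "http", 21: "ftp", 22: "ssh", 443: "https"}.get(dst_port, "unknown")


def verdict(dst_port, payloads, blocked=("http",)):
    """Firewall decision from the layer-7 verdict alone, ignoring the port."""
    return "DROP" if classify(payloads) in blocked else "ACCEPT"


# Constructed sample connections: (destination port, payloads in order).
FLOWS = {
    # Web server hidden on 8080: the port rule says unknown, content says http.
    "http_on_8080": (8080, [
        b"GET /index.html HTTP/1.1\r\nHost: intranet:8080\r\n\r\n",
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>...",
    ]),
    "http_on_31337": (31337, [b"POST /upload HTTP/1.0\r\nContent-Length: 3\r\n\r\nabc"]),
    # FTP on a non-standard port; here the server banner is the first payload.
    "ftp_on_2121": (2121, [b"220 (vsFTPd 2.0.1)\r\n", b"USER anonymous\r\n"]),
    "ssh_on_2222": (2222, [b"SSH-2.0-OpenSSH_3.9p1\r\n"]),
    # HTTPS: constructed TLS handshake bytes. The HTTP is inside the
    # encryption, so an http pattern cannot match it and it is ACCEPTed.
    "https_on_443": (443, [
        b"\x16\x03\x01\x00\x41\x01\x00\x00\x3d\x03\x01" + b"\x00" * 32,
        b"\x16\x03\x01\x00\x4a\x02\x00\x00\x46\x03\x01" + b"\x00" * 32,
    ]),
    # Protocol text that only appears after the budget goes unclassified.
    "late_http": (80, [b"\x00" * 100] * 10 + [b"GET / HTTP/1.1\r\n\r\n"]),
}


def compare(flows=FLOWS):
    """For each flow: (port-based guess, layer-7 verdict, firewall action)."""
    return {name: (port_guess(port), classify(pl), verdict(port, pl))
            for name, (port, pl) in flows.items()}


if __name__ == "__main__":
    for name, (by_port, by_l7, action) in compare().items():
        print(f"{name:14s} port-rule={by_port:8s} l7={by_l7:8s} {action}")
```

With the real module the rule the post describes is `iptables -A FORWARD -m layer7 --l7proto http -j DROP` (the match syntax from the l7-filter documentation); the simulation above just shows why that rule catches port 8080 and misses port 443, and why raising the packet budget trades more CPU per new connection for fewer "unknown" verdicts.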



Posted by Arcterex at February 02, 2005 02:29 PM