Title: The Future of Linux Firewalling

Abstract:

The netfilter/iptables system is about five years old. With Linux kernel 2.4.x
being already deprecated by 2.6.x during the last two years, even 'old' Linux
systems are using netfilter/iptables as their packet filtering subsystem.

netfilter/iptables is no doubt a big improvement over the old ipchains system
in the 2.2.x kernels. However, as with any project, after wide deployment
for some time, we start to discover aspects that can be implemented more
cleanly and more efficiently.

The constant innovation and development of new applications and protocols (like
SIP) on the Internet also raise new requirements for the Linux packet
filter.

So the question is: Is it time for yet another generation of the Linux packet
filtering subsystem? Will the tradition of change
(ipfwadm->ipchains->iptables->?) be continued? Or can we integrate all
necessary changes within the current framework?

The presentation will cover a summary of the problems with the current
netfilter/iptables implementation and describe the proposed solutions.

Intended Audience: System and Network Administrators

Prerequisites: Knowledge about Packet Filters. Usage of iptables.

About the Speaker:

Harald Welte is the chairman of the netfilter/iptables core team.

His main interest in computing has always been networking. In the little time
left besides netfilter/iptables related work, he's writing obscure documents
like the "UUCP over SSL HOWTO" or "A packet's journey through the Linux network
stack". Other kernel-related projects he has been contributing to are User Mode
Linux, the international (crypto) kernel patch, device drivers and the
neighbour cache.

He has been working as an independent IT consultant on projects for
various companies ranging from banks to manufacturers of networking gear.
During the year 2001 he was living in Curitiba (Brazil), where he got
sponsored for his Linux related work by Conectiva Inc.

Starting with February 2002, Harald has been contracted part-time by
<a href="http://www.astaro.com/">Astaro AG</a>, who are sponsoring him for his
current netfilter/iptables work.

Aside from the Astaro sponsoring, he continues to work as a freelancing
kernel developer and network security consultant.

He licenses his software under the terms of the GNU GPL. He is determined to
bring all users, distributors, value added resellers and vendors of
netfilter/iptables based products into full compliance with the GPL, even if it
includes raising legal charges.

Harald is living in Berlin, Germany.