24 lines
870 B
Plaintext
24 lines
870 B
Plaintext
The netfilter framework in Linux 2.4
|
|
|
|
Linux 2.4 provides a sophisticated infrastructure, called netfilter, which is the basis for packet filtering, network address translation and packet mangling.
|
|
|
|
The whole firewalling implementation has been rewritten from scratch.
|
|
|
|
Netfilter is a clean, abstract and well-defined interface to the network stack. It is easily extendable due to its modular concept.
|
|
|
|
The presentation covers the following topics:
|
|
|
|
- Netfilter concepts
|
|
- Infrastructure provided by the network stack
|
|
- IP tables
|
|
- Packet filtering
|
|
- The builtin matches and targets
|
|
- Stateful Firewalling (Connection Tracking)
|
|
- Network address translation
|
|
- Source NAT, destination NAT, Masquerading, transparent proxying
|
|
- Packet mangling
|
|
- Queuing packets to userspace
|
|
- Current work / Future / Netfilter-related projects
|
|
|
|
Harald Welte <laforge@gnumonks.org>
|