Future directions of linux firewalling
Harald Welte, netfilter core team & Astaro AG
The Linux 2.4.x series provided a fundamental redesign of the packet filtering
and NAT framework, called netfilter/iptables. This flexible and modular
framework still had its limitations. This BOF will discuss the recent and
upcoming changes during the 2.4.x kernel series, as well as planned and
partially implemented changes/extensions for the 2.5.x kernel series.

Topics covered:
2.4.x stuff:
- The newnat API; supporting connection tracking and NAT for complex protocols
  like H.323
- Accessing connection tracking table entries from userspace: ctnetlink
- Packet filtering and even NAT on a bridge

2.5.x stuff:
- libiptables: Providing a flexible and extensible API towards all iptables
  features
- pkttables: Creating a layer-3-protocol independent layer for rule tables;
  unifying iptables, ip6tables and arptables.
- nfnetlink: Move all netfilter/iptables related kernel/userspace communication
  towards netlink