The netfilter/iptables system is about three years old. With Linux kernel 2.4.x being deployed widely during the last two years, lots of systems worldwide are using netfilter/iptables as their packet filtering subsystem.
netfilter/iptables is no doubt a big improvement over the old ipchains system in the 2.2.x kernels. However, as with any project, after wide deployment for some time we start to discover aspects that can be implemented more cleanly and more efficiently.
The constant innovation and development of new applications and protocols (like SIP) on the Internet also place new requirements on the Linux packet filter.
So the question is: Is it time for yet another generation of the Linux packet filtering subsystem? Will the tradition of change (ipfwadm->ipchains->iptables->?) be continued? Or can we integrate all necessary changes within the current framework?
The presentation will cover a summary of the problems with the current netfilter/iptables implementation and describe the proposed solutions.
Intended Audience: System and Network Administrators
Prerequisites: Knowledge about Packet Filters. Usage of iptables.