dcsimg

Paul Russell Archive

Packet Filtering with Linux 2.4′s iptables
The Linux 2.4 kernel is just around the corner and, in theory, is supposed to be coming to a computer near you around the time you read this article. So in the interest of shamelessly tapping into the 2.4 hype and excitement, this month's column is about the extensions to packet filtering you will have at your fingertips when you finally get your hands on the Linux 2.4 kernel. (See pg. 30 for the complete story on Linux 2.4. -Ed.)
Using PAM and Shadow Files to Get Beyond Eight-Character Passwords
Building on last month's column on host security, I'm going to meander into an area that has bugged me for some time: those damned eight-character Unix passwords. Linux is burdened with this unsightly legacy, but it's fairly simple to fix, and I describe the problem and the solutions in this column.
Security Basics
Last issue we covered the packet filtering schemes Linux uses at the moment, and will use in the near future. In keeping with my effort to defy any kind of road map of these articles, I will devote this column to some basic issues involved in increasing the security of a Linux box. The art of implementing a security policy is very much one of balancing ease of use with security.
Beyond Ipchains
Seems, I never wrote nothing more stupid.
Anatomy of a Patch
Andi Kleen was sitting on IRC the whole time, suggesting ideas and going over the code.
Keeping the TCP/IP Stream Flowing
In my June column, I gave an overview of IPv4 (Internet Protocol, version 4), and described some common problems with its implementation. This month, I'm going to give you the same kind of information for TCP; the Transmission Control Protocol, which makes up well over 95% of unencrypted traffic on the Internet.
Fragments: Small Packet — Big Problems
Welcome back, gentle reader. Last month I provided a brief introduction to packet filtering under Linux -- how to get your Linux box to drop specific network packets which pass through it. This month I'm going to do something I wouldn't ordinarily, but hey, I was busy working on the next-generation packet filtering stuff when the deadline for this column hit me; just don't tell the editors and maybe we can get away with it :).
IPchains: Packet Filtering for Linux 2.2
When Linus released the 2.1.102 development kernel last May, people were surprised that the old packet filtering control program, Jos Vos's ipfwadm, no longer worked. Documentation of the change followed in 2.1.103.