The Linux 2.4 kernel is just around the corner and, in theory, is supposed to be coming to a computer near you around the time you read this article. So in the interest of shamelessly tapping into the 2.4 hype and excitement, this month’s column is about the extensions to packet filtering you will have at your fingertips when you finally get your hands on the Linux 2.4 kernel. (See pg. 30 for the complete story on Linux 2.4. -Ed.)
In my October 1999 column, I wrote about the netfilter architecture that was introduced in the 2.3 kernels to separate out packet filtering, redirection, port forwarding, and masquerading from the core of the networking code.
netfilter is an organized infrastructure inside the kernel for writing extensions to these kinds of services. The idea with netfilter is to create a modular architecture that can be easily extended. New features can be added without an annoying reboot. You simply add a new kernel module.
A variety of modules have been built on top of the netfilter framework — masquerading and Network Address Translation (NAT), state tracking, and packet filtering. And there are netfilter compatibility modules for both Linux 2.2 (ipchains) and 2.0 (ipfwadm). These methods of packet filtering…