




Iptables
iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ' to Ethernet frames. iptables requires elevated privileges to operate and must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as and documented in its man pages, which can be opened using man iptables when installed. It may also be found in /sbin/iptables, but since iptables is more like a service rather than an "essential binary", the preferred location remains . The term iptables is also commonly used to inclusively refer to the kernel-level componen ...



Netfilter
Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network and prohibiting packets from reaching sensitive locations within a network. Netfilter represents a set of hooks inside the Linux kernel, allowing specific kernel modules to register callback functions with the kernel's networking stack. Those functions, usually applied to the traffic in the form of filtering and modification rules, are called for every packet that traverses the respective hook within the networking stack. History Rusty Russell started the netfilter/iptables project in 1998; he had also authored the project's predecessor, ipchains. As the project grew, he founded the Netfilter Core Team (or ...


Nftables
nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames. It has been available since Linux kernel 3.13 released on 19 January 2014. nftables replaces the legacy iptables portions of Netfilter. Among the advantages of nftables over iptables is less code duplication and easier extension to new protocols. nftables is configured via the user-space utility nft, while legacy tools are configured via the utilities iptables, ip6tables, arptables and ebtables frameworks. nftables utilizes the building blocks of the Netfilter infrastructure, such as the existing hooks into the networking stack, connection tracking system, userspace queueing component, and logging subsystem. nft Command-line syntax A command to drop any packets with destination IP address 1.2.3.4: nft add rule ip filter output ip daddr 1.2.3.4 drop Note that the new syntax differs significantly from that of iptables, in which the same ru ...


Ipchains
Linux IP Firewalling Chains, normally called ipchains, is free software to control the packet filter or firewall capabilities in the 2.2 series of Linux kernels. It superseded ipfirewall (managed by ipfwadm command), but was replaced by iptables in the 2.4 series. Unlike iptables, ipchains is stateless. It is a rewrite of Linux's previous IPv4 firewall, ipfirewall. This newer ipchains was required to manage the packet filter in Linux kernels starting with version 2.1.102 (which was a 2.2 development release). Patches are also available to add ipchains to 2.0 and earlier 2.1 series kernels. Improvements include larger maxima for packet counting, filtering for fragmented packets and a wider range of protocols, and the ability to match packets based on the inverse of a rule. The ipchains suite also included some shell scripts for easier maintenance and to emulate the behavior of the old ipfwadm command. The ipchains software was superseded by the iptables system in Linux kerne ...


FireHOL
FireHOL is a shell script designed as a wrapper for iptables written to ease the customization of the Linux kernel's firewall netfilter. FireHOL is free software and open-source, distributed under the terms of the GNU General Public License. FireHOL does not have a graphical user interface, but is configured through an easy to understand plain text configuration file. FireHOL first parses the configuration file and then sets the appropriate iptables rules to achieve the expected firewall behavior. It is a large, complex BASH script file, depending on the iptables console tools rather than communicating with the kernel directly. Any Linux system with iptables, BASH, and the appropriate tools can run it. Its main drawback is slower st ...




Rusty Russell
Rusty Russell is an Australian free software programmer and advocate, known for his work on the Linux kernel's networking subsystem and the Filesystem Hierarchy Standard. Software development Russell wrote the packet filtering systems ipchains and netfilter/iptables in the Linux operating system kernel. Linus Torvalds referred to him as one of his "top deputies" in 2003. In 2002, Russell announced the creation of the Trivial Patch Monkey, an email address for kernel hackers to submit trivial patches such as spelling errors, one-liners, documentation tweaks and other minor amendments to the code base. Adrian Bunk took over the role in 2005. In 2006 Russell started work as the major developer of the "lguest" virtualisation system in the Linux Kernel. In October 2009, he was officially given a SAMBA Team T-shirt welcoming him to the Samba Team. In 2014 he started pettycoin, a cryptocurrency project. Rusty Russell authored the majority part of Bitcoin's Lightning Network pr ...


NPF (firewall)
NPF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw, ipfilter and PF. NPF is developed on NetBSD. History NPF was primarily written by Mindaugas Rasiukevicius. NPF first appeared in the NetBSD 6.0 release in 2012. Features NPF is designed for high performance on SMP systems and for easy extensibility. It supports various forms of Network Address Translation (NAT), stateful packet inspection, tree and hash tables for IP sets, bytecode (BPF or n-code) for custom filter rules and other features. NPF has an extension framework for supporting custom modules. Features such as packet logging, traffic normalization, random blocking are provided as NPF exten ...


NuFW
NuFW is a software package that extends Netfilter, the Linux kernel-internal packet filtering firewall module. NuFW adds authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance. NuFW has been restarted by the FFI and renamed into UFWI. Introduction NuFW / UFWI is an extension of Netfilter which brings the notion of user to IP filtering. NuFW / UFWI can: * Authenticate any connection that goes through your gateway or only from/to a chosen subset or a specific protocol (iptables is used to select the connections to authenticate). * Perform accounting, routing and Quality of service (QOS) based on users and not simply on IPs. * Filter packets with criteria such as application and OS used by distant users. * Be the key of a secure and simple Single Sign On system. Principles NuFW / UFWI refuses the idea of "IP user" as an IP address can easily be spoofed. It thus uses its own algorithm to perform authenticatio ...


Shorewall
Shorewall is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files. Configuration It is not a daemon since it does not run continuously, but rather configures rules in the kernel that allow and disallow traffic through the system. Shorewall is configured through a group of plain-text configuration files and does not have a graphical user interface, though a Webmin module is available separately. A monitoring utility packaged with Shorewall can be used to watch the status of the system as it operates and to assist in testing. Use Shorewall is mainly used in network installations (as opposed to a personal computer firewall), since most of its strength lies in its ability to work with "zones", such as the DMZ or a 'net' zone. Each zone would then have differen ...




PF (firewall)
PF (Packet Filter, also written pf) is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to netfilter (iptables), ipfw, and ipfilter. PF was developed for OpenBSD, but has been ported to many other operating systems. History PF was originally designed as replacement for Darren Reed's IPFilter, from which it derives much of its rule syntax. IPFilter was removed from OpenBSD's CVS tree on 30 May 2001 due to OpenBSD developers' concerns with its license. The initial version of PF was written by Daniel Hartmeier. It appeared in OpenBSD 3.0, which was released on 1 December 2001. It was later extensively redesigned by Henning Brauer and Ryan McBride with most of the code written by Henning Brauer. Henning Brauer is currently the main developer of PF. Features The filtering syntax is similar to IPFilter, with some modifications to make it clearer. Network address translation (NAT) and quality of service (QoS) have been i ...



Ipfirewall
ipfirewall or ipfw is a FreeBSD IP, stateful firewall, packet filter and traffic accounting facility. Its ruleset logic is similar to many other packet filters except IPFilter. ipfw is authored and maintained by FreeBSD volunteer staff members. Its syntax enables use of sophisticated filtering capabilities and thus enables users to satisfy advanced requirements. It can either be used as a loadable kernel module or incorporated into the kernel; use as a loadable kernel module where possible is highly recommended. ipfw was the built-in firewall of Mac OS X until Mac OS X 10.7 Lion in 2011 when it was replaced with the OpenBSD project's PF. Like FreeBSD, ipfw is open source. It is used in many FreeBSD-based firewall products, including m0n0wall and FreeNAS. A port of an early version of ipfw was used since Linux 1.1 as the first implementation of firewall available for Linux, until it was replaced by ipchains. A modern port of ipfw and the dummynet traffic shaper is ava ...



Uncomplicated Firewall
Uncomplicated Firewall (UFW) is a program for managing a netfilter firewall designed to be easy to use. It uses a command-line interface consisting of a small number of simple commands, and uses iptables for configuration. UFW is available by default in all Ubuntu installations since 8.04 LTS. UFW has been available by default in all Debian installations since 10. GUIs for Uncomplicated Firewall Gufw is intended to be an easy, intuitive graphical user interface for managing Uncomplicated Firewall. It supports common tasks such as allowing or blocking pre-configured, common P2P, or individual ports. Gufw has been designed for Ubuntu, but is also available in Debian-based distributions and in Arch Linux; anywhere Python, GTK ...



OSI Model
The Open Systems Interconnection model (OSI model) is a conceptual model that 'provides a common basis for the coordination of ISO standards development for the purpose of systems interconnection'. In the OSI reference model, the communications between a computing system are split into seven different abstraction layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. The model partitions the flow of data in a communication system into seven abstraction layers to describe networked communication from the physical implementation of transmitting bits across a communications medium to the highest-level representation of data of a distributed application. Each intermediate layer serves a class of functionality to the layer above it and is served by the layer below it. Classes of functionality are realized in all software development through all and any standardized communication protocols. Each layer in the OSI model has its own well-defined funct ...