author | Harald Welte <laforge@gnumonks.org> | 2015-10-25 21:00:20 +0100 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2015-10-25 21:00:20 +0100 |
commit | fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 (patch) | |
tree | a2011270df48d3501892ac1a56015c8be57e8a7d /2002/netfilter-internals-lsm2002/abstract |
import of old now defunct presentation slides svn repo
Diffstat (limited to '2002/netfilter-internals-lsm2002/abstract')
-rw-r--r-- | 2002/netfilter-internals-lsm2002/abstract | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/2002/netfilter-internals-lsm2002/abstract b/2002/netfilter-internals-lsm2002/abstract new file mode 100644 index 0000000..1cc18b0 --- /dev/null +++ b/2002/netfilter-internals-lsm2002/abstract 
@@ -0,0 +1,49 @@ +Linux 2.4.x netfilter/iptables firewalling internals (lt-690870524) + + The Linux 2.4.x kernel series has introduced a totally new kernel firewalling subsystem. It is much more than a plain successor of ipfwadm or ipchains. + + The netfilter/iptables project has a very modular design and it's +sub-projects can be split in several parts: netfilter, iptables, connection +tracking, NAT and packet mangling. + + While most users will already have learned how to use the basic functions +of netfilter/iptables in order to convert their old ipchains firewalls to +iptables, there's more advanced but less used functionality in +netfilter/iptables. + + The presentation covers the design principles behind the netfilter/iptables +implementation. This knowledge enables us to understand how the individual +parts of netfilter/iptables fit together, and for which potential applications +this is useful. + +Topics covered: + +- overview about the internal netfilter/iptables architecture + - the netfilter hooks inside the network protocol stacks + - packet selection with IP tables + - how is connection tracking and NAT integrated into the framework +- the connection tracking system + - how good does it track the TCP state? + - how does it track ICMP and UDP state at all? + - layer 4 protocol helpers (GRE, ...) + - application helpers (ftp, irc, h323, ...) + - restrictions/limitations +- the NAT system + - how does it interact with connection tracking? + - layer 4 protocol helpers + - application helpers (ftp, irc, ...) +- misc + - how far is IPv6 firewalling with ip6tables? 
+ - advances in failover/HA of stateful firewalls + - ivisible firewalls with iptables on a bridge + - userspace packet queueing with QUEUE + - userspace packet logging with ULOG + +Requirements: +- knowledge about the TCP/IP protocol family +- knowledge about general firewalling and packet filtering concepts +- prior experience with linux packet filters + +Audience: +- firewall administrators +- network developers |
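Review bot: the "misc" topic list has a typo, "ivisible firewalls with iptables on a bridge", which should read "invisible firewalls", and the second paragraph's "it's sub-projects" should be "its sub-projects". The title line also ends in "(lt-690870524)", which reads like a leftover tracking id rather than part of the abstract title. If this import is meant to preserve the old svn content byte for byte, say so in the commit message and leave the text alone; otherwise fix these three spots in a follow-up so the abstract can be quoted as is.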