diff options
Diffstat (limited to '2003/netfilter-curdevel-lt2003/abstract')
-rw-r--r-- | 2003/netfilter-curdevel-lt2003/abstract | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/2003/netfilter-curdevel-lt2003/abstract b/2003/netfilter-curdevel-lt2003/abstract new file mode 100644 index 0000000..d6ee41c --- /dev/null +++ b/2003/netfilter-curdevel-lt2003/abstract @@ -0,0 +1,12 @@ +The netfilter/iptables system is about three years old. With Linux kernel 2.4.x being deployed widely during the last two years, lots of systems worldwide are using netfilter/iptables as their packet filtering subsystem. + +netfilter/iptables is no doubt a big improvement over the old ipchains system in the 2.2.x kernels. Hoewever, as with any project - after wide deployment for some time, we start to discover aspects that can be implemented more cleanly, more efficently. + +The constant innovation and development of new applications and protocols (like SIP) on the internet also raise new requirements towards the linux packet filter. + +So the question is: Is it time for yet another generation of the linux packet filtering subsystem? Will the tradition of change (ipfwadm->ipchains->iptables->?) be continued? Or can we integrate all necessarry changes within the current framework? + +The presentation will cover a summary of the problems with the current netfilter/iptables implementation and describe the proposed solutions. + +Intended Audience: System and Network Administrators +Prerequsites: Knowledge about Packet Filters. Usage of iptables. |