From fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 25 Oct 2015 21:00:20 +0100 Subject: import of old now defunct presentation slides svn repo --- 2005/netfilter_iptables-cluc2005/abstract | 56 +++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 2005/netfilter_iptables-cluc2005/abstract (limited to '2005/netfilter_iptables-cluc2005/abstract') diff --git a/2005/netfilter_iptables-cluc2005/abstract b/2005/netfilter_iptables-cluc2005/abstract new file mode 100644 index 0000000..1aab81a --- /dev/null +++ b/2005/netfilter_iptables-cluc2005/abstract @@ -0,0 +1,56 @@ +Title: TheFuture of Linux Firewalling + +Abstract: + +The netfilter/iptables system is about five years old. With Linux kernel 2.4.x +being already deprecated by 2.6.x during the last two years, even 'old' linux +systems are using netfilter/iptables as their packet filtering subsystem. + +netfilter/iptables is no doubt a big improvement over the old ipchains system +in the 2.2.x kernels. Hoewever, as with any project - after wide deployment +for some time, we start to discover aspects that can be implemented more +cleanly, more efficently. + +The constant innovation and development of new applications and protocols (like +SIP) on the internet also raise new requirements towards the linux packet +filter. + +So the question is: Is it time for yet another generation of the linux packet +filtering subsystem? Will the tradition of change +(ipfwadm->ipchains->iptables->?) be continued? Or can we integrate all +necessarry changes within the current framework? + +The presentation will cover a summary of the problems with the current +netfilter/iptables implementation and describe the proposed solutions. + +Intended Audience: System and Network Administrators + +Prerequsites: Knowledge about Packet Filters. Usage of iptables. + +About the Speaker: + + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the "UUCP over SSL HOWTO" or "A packet's journey through the Linux network +stack". Other kernel-related projects he has been contributing are user mode +linux, the international (crypto) kernel patch, device drivers and the +neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +Astaro AG, who are sponsoring him for his +current netfilter/iptables work. + + Aside from the Astaro sponsoring, he continues to work as a freelancing +kernel developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. He is determined to bring all users, distributors, value added resellers and vendors of netfilter/iptables based products in full compliance with the GPL, even if it includes raising legal charges. + + Harald is living in Berlin, Germany. + -- cgit v1.2.3