Future directions of linux firewalling
Harald Welte, netfilter core team & Astaro AG
The Linux 2.4.x series provided a fundamental redesign of the packet filtering
and NAT framework, called netfilter/iptables. This flexible and modular
framework still has its limitations. This BOF will discuss the recent and
upcoming changes during the 2.4.x kernel series, as well as planned and
partially implemented changes/extensions for the 2.5.x kernel series.
Topics covered:
2.4.x stuff:
- The newnat API: supporting connection tracking and NAT for complex protocols like H.323
- Accessing connection tracking table entries from userspace: ctnetlink
- Packet filtering and even NAT on a bridge
2.5.x stuff:
- libiptables: providing a flexible and extensible API towards all iptables features
- pkttables: creating a layer-3-protocol independent layer for rule tables; unifying iptables, ip6tables and arptables
- nfnetlink: moving all netfilter/iptables related kernel/userspace communication towards netlink