Linux Magazine: Network Security With Linux 2.4May 06, 2000, 14:35 (0 Talkback[s])
(Other stories by Paul Russell)
"The Linux 2.4 kernel is just around the corner and, in theory, is supposed to be coming to a computer near you around the time you read this article. So in the interest of shamelessly tapping into the 2.4 hype and excitement, this month's column is about the extensions to packet filtering you will have at your fingertips when you finally get your hands on the Linux 2.4 kernel."
"In my October 1999 column, I wrote about the netfilter architecture that was introduced in the 2.3 kernels to separate out packet filtering, redirection, port forwarding, and masquerading from the core of the networking code."
"A variety of modules have been built on top of the netfilter frame-work -- masquerading and Net-work Address Translation (NAT), state-tracking, and packet filtering. And there are netfiltercompatibility modules for both Linux 2.2 (ipchains) and 2.0 (ipfwadm). These methods of packet filtering will be supported for some time, but if you're setting up a new configuration, you should use the new packet-filtering code: iptables."