Linux Journal: Roll Your Own Firewall with Netfilter
Oct 14, 2003, 08:00
By Victor Castro
Every self-respecting Linux guru should be familiar
with firewalls and how to install and configure them. With this in
mind, Linux gurus also should be curious about how firewalls
function and how to build a firewall of their own. Explaining
exactly these two things is the goal of this article. Here, we
attempt to write a firewall in less than 60 lines of C code. As
impossible as this may sound, it actually is quite simple to do
using the power of Linux kernel modules and Netfilter.
"Netfilter is a packet filtering subsystem in the Linux kernel
stack and has been there since kernel 2.4.x. Netfilter's core
consists of five hook functions declared in linux/netfilter_ipv4.h.
Although these functions are for IPv4, they aren't much different
from those used in the IPv6 counterpart. The hooks are used to
analyze packets in various locations on the network stack..."
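As an added, user-space illustration of the decision such a hook makes (this is not code from the article): the verdict function below parses a raw IPv4 header, applies one constructed deny rule, and returns the same NF_ACCEPT/NF_DROP values a real Netfilter hook would; the packet builder, the rule and the addresses are constructed for the example.

```c
/* Added example (not from the article): verdict logic of a tiny Netfilter-
 * style IPv4 firewall, written as plain user-space C so it compiles and
 * tests without kernel headers. In a real module this function would be
 * called from a hook registered at NF_INET_PRE_ROUTING via
 * nf_register_net_hook(); verdict values match linux/netfilter.h. */
#include <stdint.h>
#include <stddef.h>
#define NF_DROP   0          /* same values as linux/netfilter.h */
#define NF_ACCEPT 1
#define PROTO_TCP 6          /* IPv4 protocol number for TCP */
/* Policy: drop TCP from a given source address to a given destination port.
 * Constructed sample rule: block 192.0.2.10 (RFC 5737 test net) -> port 23. */
struct rule { uint32_t src; uint16_t dport; };
static const struct rule deny[] = { { 0xC000020AU, 23 } };
static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Verdict for one raw IPv4 packet of `len` bytes. Malformed or truncated
 * headers are dropped rather than passed through unexamined. */
unsigned int filter_ipv4(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return NF_DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* header length in bytes */
    if (ihl < 20 || len < ihl) return NF_DROP;
    if (pkt[9] != PROTO_TCP) return NF_ACCEPT;      /* rules cover TCP only */
    if (len < ihl + 4) return NF_DROP;              /* need the TCP ports */
    uint32_t src = rd32(pkt + 12), dport = rd16(pkt + ihl + 2);
    for (size_t i = 0; i < sizeof deny / sizeof deny[0]; i++)
        if (deny[i].src == src && deny[i].dport == dport) return NF_DROP;
    return NF_ACCEPT;
}

/* Builds a constructed 40-byte IPv4+TCP packet (no options, no payload) so
 * the verdict logic can be exercised without a live interface. */
size_t build_tcp(uint8_t *buf, uint32_t src, uint32_t dst, uint16_t dport)
{
    for (size_t i = 0; i < 40; i++) buf[i] = 0;
    buf[0] = 0x45; buf[3] = 40; buf[8] = 64; buf[9] = PROTO_TCP; /* v4/ihl5, len, ttl */
    for (int i = 0; i < 4; i++) { buf[12 + i] = (uint8_t)(src >> (24 - 8 * i));
                                  buf[16 + i] = (uint8_t)(dst >> (24 - 8 * i)); }
    buf[20] = 0xC0; buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport; /* ports */
    buf[32] = 0x50;                                  /* TCP data offset 5 */
    return 40;
}

/* Convenience wrapper: verdict for a constructed TCP packet src -> dport. */
unsigned int verdict_for(uint32_t src, uint16_t dport)
{ uint8_t p[40]; return filter_ipv4(p, build_tcp(p, src, 0xC0000201U, dport)); }
```

Everything an in-kernel hook adds on top of this is plumbing: the `struct nf_hook_ops` with the hook number and priority, and the register/unregister calls in the module's init and exit functions.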