Linux Magazine: Network Security With Linux 2.4

“The Linux 2.4 kernel is just around the corner and, in theory,
is supposed to be coming to a computer near you around the time you
read this article. So in the interest of shamelessly tapping
into the 2.4 hype and excitement, this month’s column is about the
extensions to packet filtering you will have at your fingertips
when you finally get your hands on the Linux 2.4 kernel.”

“In my October 1999 column, I wrote about the netfilter
architecture that was introduced in the 2.3 kernels to separate out
packet filtering, redirection, port forwarding, and masquerading
from the core of the networking code.”

“A variety of modules have been built on top of the netfilter
framework — masquerading and Network Address Translation (NAT),
state-tracking, and packet filtering. And there are
netfilter compatibility modules for both Linux 2.2 (ipchains) and
2.0 (ipfwadm). These methods of packet filtering will be supported
for some time, but if you’re setting up a new configuration, you
should use the new packet-filtering code: iptables.”

