Mailing List Archive
tlug.jp Mailing List: tlug archive
[tlug] Re: Re: Re: wither ipchains?
- Date: Thu, 8 Aug 2002 03:16:50 +0200
- From: Tobias Diedrich <td@example.com>
- Subject: [tlug] Re: Re: Re: wither ipchains?
- References: <20020807034014.22378.qmail@example.com> <Pine.LNX.4.21.0208062249040.18662-100000@example.com> <20020807150810.GA31375@example.com> <20020807203351.GA2322@example.com> <20020807214700.GN31375@example.com>
- User-agent: Mutt/1.4i

Josh Glover wrote:
> > AFAIK IPFilter is from BSD ?
>
> I did not think that they were the same thing. Am I mistaken?

I don't say they are the same thing. A search on google seems to reveal
that IPFilter is the name for FreeBSD's packet filter system.
There is nothing called IPFilter in linux AFAIK.

> > > documentation on the design of Linux IPFilter, please post them here,
> >
> > Well, you'd have to search for netfilter or iptables :-)
>
> Ha ha. Did so. Various permutations of netfilter linux design iptables
> did very little for me on Google. Well, I may have to go to the
> source. :(

Searching for linux+iptables leads you to the official
netfilter/iptables homepage :-)
There you can find a short explanation:

|netfilter and iptables are the framework inside the Linux 2.4.x kernel
|which enables packet filtering, network address translation (NAT) and
|other packet mangling. It is the re-designed and heavily improved
|successor of the previous 2.2.x ipchains and 2.0.x ipfwadm systems.
|
|netfilter is a set of hooks inside the linux 2.4.x kernel's network
|stack which allows kernel modules to register callback functions called
|every time a network packet traverses one of those hooks.
|
|iptables is a generic table structure for the definition of rulesets.
|Each rule within an IP table consists out of a number of classifiers
|(matches) and one connected action (target).
|
|netfilter, iptables and the connection tracking as well as the NAT
|subsystems together build the whole framework.

There is also a link to a linux-journal article with more in-depth
explanation of what happens to a packet.

> > The iptables (or ipchains) Kernel modules are the kernel support part of
> > the filtering infrastructure. (The part actually playing with the
> > packets)
>
> IPFilter should be playing with the packets. I think that the kernel
> modules are interfaces for the userland programs to IPFilter, which
> makes very little sense.

I think what you call IPFilter is really iptables (or ipchains for 2.2
kernels). (Because according to the homepage netfilter is an
infrastructure which allows for a pluggable packet filter and iptables is
the actual kernel space implementation of a packet filter which uses the
netfilter hooks)

IPFilter = FreeBSD packet filter
ipchains = linux-2.2 packet filter
iptables = linux-2.4 packet filter

The userspace iptables tool is the interface to the kernel iptables
packet filter.

But I'm most definitely not an expert on this, you'd have to ask the
kernel developers ^_-

-- 
Tobias

PGP: 0x9AC7E0BC
This mail is made of 100% recycled bits
Now playing: SPITZ - orenoakaihoshi