SANS 2001
Title
Agenda
Why Linux?
What is a Packet Filter?
Packet Filter Criteria
Packet Filter Actions
TCP Connections
Stateless Packet Filtering
Stateful Packet Filtering (SPF)
Advantages of SPF
No Slide Title
Traversing the Kernel
Differences
Page 17
Page 19
Where to Get?
Compatibility
netfilter <-> iptables
Kernel Configuration
iptables - Syntax
iptables
Simple Rules
Adding/Deleting Rules
Order Matters
Logging
Further Options to Use
Tips & Tricks
/proc/sys/net/ipv4
Example Script I
Example Script II
Page 35
4
4: Agenda
Active FTP
Active FTP II
Option: LIMIT
MAC Address Match
Page 42
5
5: Agenda
NAT
Source NAT
Destination NAT
NAT Needs ConnTracking
Implementing Source NAT
Implementing Destination NAT
Masquerading/Redirecting
Page 52
6
6: Agenda
User-Defined Chains
Optimization
Troubleshooting
Tweaking
7
7: Agenda
Handling Packets in Userspace
QUEUE/ULOG
High Availability
User Based Authentication
Page 65
8
Real Hardware
Emulators
User Mode Linux Kernel
Test Network I
Test Network II
Questions?
9
Firewalling
Netfilter
IPChains
Author: Ralf Spenneberg
E-Mail: ralf@spenneberg.de