Netfilter changes on Linux Kernel 2.6.24.x

tonny.adhi.sabastian

Monday, February 25. 2008

Posted by Tonny Adhi Sabastian in Linux And OSS

Comments (0)
Trackbacks (0)

Netfilter changes on Linux Kernel 2.6.24.x

Linux 2.6.24.2 Core Netfilter Configuration Dialog

Netfilter is the packet filtering framework under Linux 2.4.x and 2.6.x. We usually use it with IPTABLES under linux user space to build stateful or stateless firewall, network addres translation and of course network packet filtering.

There are some useful change that you can find on netfilter on linux-2.6.24.x "vanilla" source tree. Some additional features from netfilter patchlet repository has been merged into kernel stable source tree.

Some changes that you can easily notice inside the kernel Core Netfilter Configuration are connlimit option and time option.

By using connlimit, you can easily manage incoming or outgoing parallel connection from your host inside the kernel. Time option adds a "time" match, which allows you to match based on the packet arrival time (at the machine which netfilter is running ) or departure time/date (for locally generated packets)

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: BBCode format allowed
	Remember Information? Subscribe to this entry