Linux Security HOWTO
: Network Security
: IP Chains - Linux Kernel 2.2.x Firewalling
8.11. IP Chains - Linux Kernel 2.2.x Firewalling
Linux IP Firewalling Chains is an update to the 2.0 Linux firewalling
code for the 2.2 kernel. It has many more features than
previous implementations, including:
- More flexible packet manipulations
- More complex accounting
- Simple policy changes can be made atomically
- Fragments can be explicitly blocked, denied, etc.
- Logging of suspicious packets
- Handling of protocols other than ICMP/TCP/UDP
If you are currently using ipfwadm on your 2.0 kernel, there are scripts available to convert the ipfwadm command format to the format ipchains uses.
Be sure to read the IP Chains HOWTO for further information. It is
available at http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html