The netfilter iptables firewall system has advanced considerably in recent kernels, and the modified string matching option is among the more interesting changes for server administrators. Earlier kernels supported matching at the IP header level only, which was a limitation because rules could be based only on header values such as IP addresses, ports and packet state. Kernels from 2.6 include support for matching strings present in IP packets, inspecting the entire packet data.

This article covers effective configuration and optimization of the iptables firewall system in 2.6.x kernels in order to defend more effectively against TCP attacks and to drop unwanted packets without disrupting your business-critical services.

The current iptables firewall maintained by the netfilter team is advancing into a more powerful security and network management tool with the recent releases. It will be a topic of interest for any Linux-based server or network administrator.

Linux has provided its own firewall since its early releases. For any server or network connected to the internet, security from malicious files and hack attempts is a matter of concern for any administrator.

Iptables String Matching for Advanced Firewalling. Wiztelsys: String based network filtering with iptables on 2.6.x kernels