欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/Agda, C++/Erlang/Lisp
Netfilter
| 第1行: | 第1行: | ||
| + | {{SeeWikipedia}} | ||
| + | |||
netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and 2.6.x kernel series. | netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and 2.6.x kernel series. | ||
| 第17行: | 第19行: | ||
==Links== | ==Links== | ||
*http://netfilter.org/ | *http://netfilter.org/ | ||
| + | |||
| + | [[Category:Firewall]] | ||
| + | [[Category:Security]] | ||
2010年9月20日 (一) 10:30的版本
|
您可以在Wikipedia上了解到此条目的英文信息 Netfilter Thanks, Wikipedia. |
netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and 2.6.x kernel series.
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack) and the NAT subsystem together build the major parts of the framework.
Main Features
- stateless packet filtering (IPv4 and IPv6)
- stateful packet filtering (IPv4 and IPv6)
- all kinds of network address and port translation, e.g. NAT/NAPT (IPv4 only)
- flexible and extensible infrastructure
- multiple layers of API's for 3rd party extensions
- large number of plugins/modules kept in 'patch-o-matic' repository
