lowercase Infobox software name iptables logo screenshot caption author Rusty Russell developer Netfilter ... 2012 03 27 ref cite web url http www.netfilter.org news.html 2012 01 02 title iptables 1.4.13 released ... iptables is a user space application program that allows a system administrator to configure ... used for different protocols iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames. iptables requires elevated privileges to operate and must be executed by user Superuser root , otherwise it fails to function. On most Linux systems, iptables is installed as tt usr sbin iptables tt and documented in its man page , ref http dev.medozas.de files xtables iptables.html iptables and http dev.medozas.de files xtables ip6tables.html ip6tables manpages ref ... using code man iptables code when installed. It may also be found in tt sbin iptables tt , but since iptables is more like a service rather than an essential binary , the preferred location remains tt usr sbin tt . iptables is also commonly used to inclusively refer to the kernel level components ... to the entire firewall v4,v6,arp,eb architecture. History See also Netfilter History Netfilter and iptables ... s article. This sentence is copied from Netfilter for a starting introduction. Prior to iptables, the predominant ... in Linux 2.0 which was based on Berkeley Software Distribution BSD ipfirewall ipfw . iptables preserves ... a packet, and what to do with such a packet. ipchains added the concept of chains of rules, and iptables ... through one filtering point. This split allowed iptables, in turn, to use the information the connection ... iptables superior to ipchains because it has the ability to monitor the state of a connection ... in the manpages. A firewall using iptables this way is said to be a stateful firewall versus ipchains ... is not fully aware of the context from which a data packet arises, whereas iptables is. Therefore, iptables can make better decisions on the fate of packets and connections. The Netfilter maintainer ... more details
Rope is a programming language that allows developers to write extensions to the Iptables Netfilter components of Linux using a simple scripting language based on Reverse Polish notation . It is a scriptable Iptables match module, used to identify whether IP packets passed to it match a particular set of criteria or not. Rope started life as a project to make the string match module of Iptables stronger and evolved fairly quickly into an open ended scriptable packet matching mechanism. External links http www.lowth.com rope Rope project home page Category Scripting languages ... more details
libipq is a development library for iptables userspace packet queuing . Libipq provides an API for communicating with ip queue. Libipq has been deprecated in favour of the newer http www.netfilter.org projects libnetfilter queue index.html libnetfilter queue in Linux kernel 2.6.14 onwards. Use in widely used software applications libipq has been used by some widely deployed applications as their interface to the Linux kernel space iptables packet filter. Snort software Snort Snort is an Intrusion Detection System which runs in user space and uses libipq to interface with Linux s iptables packet filter. External links http www.netfilter.org projects iptables index.html iptables at netfilter.org https svn.netfilter.org netfilter trunk iptables libipq libipq subversion repository http www.cs.princeton.edu nakao libipq.htm Linux Man Page http www.crhc.uiuc.edu grier projects libipq.html A quick intro to libipq http www.linuxquestions.org linux answers Programming Libipq by example Libipq network simulator example Category Linux kernel features Category Linux security software Compu library stub ... more details
FireHOL is a firewall networking firewall application designed to work with a lower level firewall utility for the Linux kernel, netfilter iptables . FireHOL does not use a GUI , but is configured through an easy to understand plain text configuration file. A further advantage of FireHOL is its friendliness to beginners you don t have to worry about the answer packet because FireHOL first parses the configuration file and then sets the appropriate iptables rules to achieve the expected firewall behavior. It is a large, complex Bash Unix shell BASH script file, depending on the iptables console tools rather than communicating with the kernel directly. This has the advantage of portability any Linux system with iptables, BASH, and the appropriate tools can run it. Its main drawback is slower starting times, particularly on older systems. Since this delay only happens once per boot or less, if the resulting rules are saved to disk high performance for this is not generally important except in embedded systems. FireHOL also benefits from the shell s flexibility, being easily extended and configured to a high degree FireHOL s configuration files are fully functional BASH scripts in of themselves. You can write scripts in normal shell syntax and they will operate as expected you might loop a FireHOL statement to forward an entire set of ports, for example. FireHOL is free software , distributed under the terms of the GNU General Public License . External links Portal Free software http firehol.sourceforge.net FireHOL Homepage Firewall software DEFAULTSORT Firehol Category Firewall software Category Free security software linux stub mr ... more details
lowercase title ipchains Infobox software name ipchains logo collapsible author developer Rusty Russell released pre 1998 Start date YYYY MM DD latest release version 1.3.10 latest release date Start date and age 2000 10 6 latest preview version latest preview date Start date and age YYYY MM DD programming language C programming language C operating system Linux platform Linux kernel size language status Unmaintained superseded by iptables genre Packet filter management license GNU Public License GPL website http people.netfilter.org rusty ipchains Linux IP Firewalling Chains , normally called ipchains , is free software to control the packet filter firewall networking firewall capabilities in the 2.2 series of Linux kernel s. It superseded ipfwadm , but was replaced by iptables in the 2.4 series. Unlike iptables, ipchains is stateless. It is a rewrite of Linux s previous IPv4 firewall networking firewall , ipfwadm . This newer ipchains was required to manage the packet filter in Linux kernel s starting with version 2.1.102 which was a 2.2 development release . Patches are also available to add ipchains to 2.0 and earlier 2.1 series kernels. Improvements include larger maximums for packet counting , filtering for IP fragmentation fragmented packets and a wider range of protocol computing protocols , and the ability to match packets based on the inverse of a rule. ref cite web url http people.netfilter.org rusty ipchains HOWTO 1.html title Linux IPCHAINS HOWTO last Russell first Rusty chapter 1 version 1.0.8 date 2000 07 04 accessdate 2009 02 08 ref The ipchains suite also included some shell scripts for easier maintenance and to emulate the behavior of the old ipfwadm command. The ipchains software was superseded by the iptables system in Linux kernel 2.4 and above. ref cite web url http www.netfilter.org title netfilter iptables project homepage date 2009 02 06 accessdate 2009 02 08 ref References Reflist External links Portal Free software IPChains HOWTO http tldp ... more details
of the different Netfilter components The netfilter iptables project was started in 1998 by Rusty ... for past years, was elected the new chairman of the coreteam. Prior to iptables, the predominant ... and ipfwadm. iptables Main iptables The kernel modules named ip tables , ip6 tables , arp tables the underscore ... packets. The tables can be administered through the user space tools iptables , ip6tables , arptables ... transformations are applied afterwards. The nat table that is made available to iptables is merely ... filtering firewalling . nftables Main nftables Patrick McHardy intended to replace iptables with the now defunct nftables in the future. The four modules of iptables IPv4 , IPv6 , Address Resolution ... all related packets in the same way, and iptables can use this information to act as a stateful ... space tool conntrack . iptables can make use of checking the connection s information such as states ... extensions such as Connection Tracking, ipset ref http ipset.netfilter.org ref is more related to iptables ..., but actually provides an iptables module to match and do minimal modifications set clear to IP ... network numbers, depending on its type . These sets are much more lookup efficient than bare iptables ... can only be removed destroyed if there are no iptables rules or other sets referring to it. User ... packet queueing in conjunction with iptables. libnetfilter conntrack , that allows to manipulate ... that are generated by iptables. libiptc , that allows changing the iptables firewall ruleset. Netfilter ... security ipchains , the predecessor to iptables ipfirewall ipfw PF firewall Netlink , an API ... iptables project homepage http netfilter.org projects conntrack tools conntrack tools homepage http ... and Iptables Stateful Firewalling for Linux October 11, 2001 Firewall software Category Free network related software Category Firewall software Category Free security software ar ca Iptables de Netfilter es Netfilter fr Netfilter it Netfilter lv Netfilter iptables ja Iptables no Netfilter ... more details
Orphan date February 2009 lowercase title lsmod lsmod is a command on Linux systems which prints the contents of the tt procfs proc modules tt file. It shows which loadable kernel module s are currently loaded. Abridged example output lsmod Module Size Used by af packet 27392 2 Realtek 8139too 30592 0 snd cs46xx 96872 3 snd pcm oss 55808 1 snd mixer oss 21760 2 snd pcm oss iptables ip6table filter 7424 1 iptables ip6 tables 19728 1 ip6table filter IPv6 ipv6 290404 22 XFS xfs 568384 4 Silicon Integrated Systems sis900 18052 5 Parallel ATA libata 169920 1 pata sis SCSI scsi mod 158316 3 usb storage,sd mod,libata USB usbcore 155312 6 Host controller interface ohci hcd , USB mass storage device class usb storage , USB human interface device class usbhid Module denotes the name of the module, Size the amount of memory it uses, Used its use count, and by a list of referring modules. If the module controls its own unloading via a can unload routine then the use count displayed by lsmod is always 1, irrespective of the real use count. See also modprobe External links http manpages.unixforum.co.uk man pages linux suse linux 10.1 8 Linux Man Pages . Category Linux kernel related software linux stub ... more details
The arptables computer software utility is a network administrator s tool for maintaining the Address Resolution Protocol ARP packet filter rules in the Linux kernel firewall modules. The tools may be used to create, update, and view the tables that contain the filtering rules, similarly to the iptables program from which it was developed. A popular application is the creation of filter configurations to prevent ARP spoofing . External links http linux.die.net man 8 arptables arptables 8 Linux man page http abulmagd.blogspot.com 2008 08 arptables and arp poisoningnetcut.html arptables, and ARP poisoning Firewall software collapse Category Firewall software Category Linux network related software Category Free network related software Category Free security software network software stub tr Arp tablosu ... more details
Primary sources date March 2010 Infobox software name Firestarter logo screenshot Image Ubuntu Feisty Fawn Firestarter.png 227px caption Screenshot of the Firestarter window developer Firestarter developers released frequently updated Yes Release version update? Don t edit this page, just click on the version number programming language operating system Linux language status discontinued Citation needed date October 2008 genre Firewall networking firewall license GNU General Public License website http www.fs security.com Firestarter is a free software free and open source personal firewall tool that uses the Netfilter iptables ipchains system built into the Linux kernel . It has the ability to control both inbound and outbound connections. Firestarter provides a graphical interface for configuring firewall rules and settings. It also provides real time monitoring of all network traffic for the system. Firestarter also provides facilities for port forwarding , internet connection sharing and Dynamic Host Configuration Protocol DHCP service. See also Portal box Computer security Free software Uncomplicated Firewall iptables netfilter External links http www.fs security.com Firestarter website http firestarter.sourceforge.net manual Firestarter manual on SourceForge http techthrob.com 2009 03 02 setup a software firewall in linux using firestarter http blogs.techrepublic.com.com products ?p 667 Firewall software DEFAULTSORT Firestarter Firewall Category Firewall software Category GTK Category Linux security software Category Discontinued software Linux stub es Firestarter fr Firestarter logiciel it Firestarter software mr nl Firestarter software ja Firestarter pl Firestarter pt Firestarter firewall sk Firestarter softv r ... more details
Refimprove date March 2010 DISPLAYTITLE ispCP Infobox software Name ispCP logo Image Ispcp.svg 200px latest release version 1.0.7 ispCP Omega latest release date 24 November 2010 operating system Linux Unix genre System administrator Administration Software license Mozilla Public License MPL Free Software website http www.ispcp.net www.ispcp.net ispCP Internet Service Provider Control Panel is an open source project founded to build a Multi Server Control and Administration Panel. This Control Panel is usable by any Internet Service Provider ISP . The ispCP Omega release is completely based on the original open source http vhcs.net VHCS project. Because part of the ispCP developer team were core members of the http vhcs.net VHCS project, there was created a way to migrate to ispCP. This led to the creation of ispCP Omega, a migration path from http vhcs.net VHCS to ispCP. Licensing ispCP Omega has a dual license. A large part of the old VHCS code is licensed under the Mozilla Public License . All new code, and submissions to ispCP Omega are licensed under the GNU General Public License V2 . To solve this license conflict there is work on a complete rewrite for a completely GPL2 licensed ispCP. System requirements Apache HTTP Server Apache web server Postfix software Postfix MTA ProFTPd FTP server PHP 5.3 programming language, fcgid, fastcgi Perl programming language MySQL 4 or 5 relational database management system Courier Mail Server Courier POP3 and IMAP daemon BIND 8 or BIND9 DNS server Netfilter iptables Iptables optional Competing software cPanel Hosting Controller ISPConfig SysCP Virtualmin http vhcs.net VHCS External links WebManTools Use dmy dates date October 2010 DEFAULTSORT Ispcp Category Unix Category Web applications Category Website management Category User interfaces Category Web hosting Category Web server management software de IspCP fa ... more details
DISPLAYTITLE i MSCP Infobox software Name i MSCP latest release version 1.0.2.1 i MSCP Phoenix latest release date 28 February 2012 operating system Linux Unix genre System administrator Administration Software license GNU General Public License GPL , MPL Free Software website http i mscp.net i mscp.net http i mscp.net i MSCP internet Multiserver Control Panel is an open source project founded to build a Multi Server Web hosting control panel Control and Administration Panel . This Control Panel is usable by any Internet Service Provider ISP . The i MSCP Phoenix release is a fork of the open source http ispcp.net ispCP project. Because part of the i MSCP developer team were core members of the http ispcp.net ispCP project, there was created a way to migrate from it. Licensing i MSCP Phoenix has a dual license. A large part of the old VHCS code still part of iSPCP base code is licensed under the Mozilla Public License. All new code, and submissions to i MSCP Phoenix are licensed under the GNU General Public License V2 . To solve this license conflict there is work on a complete rewrite for a completely GPL2 licensed i MSCP. System Requirements Apache HTTP Server Apache web server Postfix software Postfix MTA ProFTPd FTP server PHP 5.3 programming language, fcgid, fastcgi Perl programming language MySQL 4 or 5 relational database management system Courier Mail Server Courier POP3 and IMAP daemon Dovecot software Dovecot POP3 and IMAP daemon BIND 9 DNS server Netfilter iptables Iptables optional Competing software cPanel Hosting Controller ISPConfig ispCP SysCP Virtualmin http vhcs.net VHCS External links WebManTools Use dmy dates date October 2010 DEFAULTSORT Ispcp Category Unix Category Web applications Category Website management Category User interfaces Category Web hosting Category Web server management software ... more details
has been called, ...the biggest change to Linux firewalling since the introduction of iptables ... 324989 work LWN.net date 2009 03 24 cite conference title nftables a successor to iptables, ip6tables ... more details
IPT may refer to Illini Prosthetic Technologies , a prosthetics organization based in Illinois Incendiary paint theory, a theory of the Hindenburg disaster Indian People s Tribunal , a human rights organization Industry and Parliament Trust , a charity that promotes the mutual understanding of Parliament and business Information Processes and Technology , a Higher School Certificate HSC course in information systems Institutt for Petroleumsteknologi og anvendt Geofysikk Department of Petroleum Engineering and Applied Geophysics, NTNU Institute for Professionals in Taxation , a U.S. based professional organization for tax industries Instituto de Pesquisas Tecnol gicas , a Brazilian research facility, which created the CAP 1 Planalto aircraft Insulin potentiation therapy Insurance Premium Tax UK , a tax paid on insurance premiums in the UK Integrated product team Intermittent preventive therapy International Pool Tour Interpersonal psychotherapy Inventor Part file of Autodesk Inventor Investigative Project on Terrorism, directed by journalist Steven Emerson IP telephony or voice over Internet Protocol Page table Inverted page table Inverted Page Table , a type of page table in a computer operating system iptables iPod Touch Iron Pipe Thread, see also MIPT, FIPT Gender of connectors and fasteners Plumbing connectors & NPT National pipe thread IPtronics , a fabless semiconductor company selling parallel optics for data communication applications MATLAB s standard Image Processing Toolbox Williamsport Regional Airport disambig de IPT fa IPT ko IPT it IPT ms IPT no IPT ... more details
Wiktionary rope Rope is a length of non metallic fibers twisted or braided together Rope may also refer to Entertainment Rope play Rope play , a play by Patrick Hamilton Rope film Rope film , a 1948 film by Alfred Hitchcock based on the play Rope song Rope song , a single from Foo Fighters 2011 album Wasting Light The Rope , album by Black Tape for a Blue Girl Roped , a 1919 silent film directed by John Ford and starring Harry Carey Rudens a play by Roman author Plautus whose title is translated into English as The Rope Computers IpTables Rope , an open source firewall programming language Rope computer science , a data structure used in computer science Core rope memory is a ferrite read only memory Acronym ROPE, an abbreviation for Research Opportunity and Performance Evidence used by the Australian Research Council Other Wire rope , a length of metallic fibers twisted or braided together Rope rhythmic gymnastics , a rhythmic gymnastics apparatus Rope, or Corde Lisse , an aerial acrobatics attribute discipline Rope unit , a unit of length Rope, Cheshire , a civil parish in Cheshire The Ropes , an indie rock band from New York Rope, a bartending slang for a straw. Colloquial for execution by hanging disambig fr Rope ... more details
Infobox software name NPF logo screenshot caption developer latest release version latest release date latest preview version latest preview date operating system NetBSD programming language C programming language C genre packet filter , Firewall computing Firewall license BSD license website NPF is a BSD license d stateful packet filter , a central piece of software for Firewall computing firewalling . It is comparable to iptables , Ipfirewall ipfw , ipfilter and PF firewall PF . NPF is developed on NetBSD . History NPF was primarily written by Mindaugas Rasiukevicius. Work on NPF was sponsored by the NetBSD Foundation. The initial code was committed in NetBSD CVS repositories on August 22, 2010. NPF first appeared in NetBSD 6.0. Features NPF is designed for high performance on multi core and multi processor machines, and for easy extensibility. The packet filter will no longer be the bottleneck in a multicore router. The packet inspection engine is inspired by BPFs N Code processor The syntax for configuration and utilities npfctl is familiar for users of PF External links http mail index.netbsd.org netbsd announce 2010 09 13 msg000110.html Original announcement on NetBSD lists http netbsd.gw.com cgi bin man cgi?npf.conf NetBSD current Manpage for npf.conf on NetBSD current NetBSD Firewall software DEFAULTSORT NPF Firewall Category BSD software Category NetBSD Category Firewall software ka NPF ru NPF ... more details
Infobox software name Shorewall logo File Shorewall logo.png 250px screenshot caption collapsible author developer Thomas M. Eastep released Start date YYYY MM DD latest release version 4.4.21 ref http shorewall.net shorewall index.htm Releases ref latest release date Start date and age 2011 06 05 ref http www.shorewall.net News.htm ref latest preview version latest preview date Start date and age YYYY MM DD frequently updated programming language operating system Linux platform size language English language English status genre license GPL v2 ref http www.shorewall.net shorewall index.htm License ref website http shorewall.net Shorewall Homepage Shorewall more appropriately the Shoreline Firewall is an open source software open source firewall networking firewall tool for Linux that builds upon the Netfilter iptables ipchains system built into the Linux kernel , making it easier to manage more complex configuration schemes. Using an analogy understandable to programmers Shorewall is to iptables, what C programming language C is to Assembly programming assembly language. It provides a higher level of abstraction for describing rules using text files. Configuration It is not a daemon computer software daemon since it does not run continuously, but rather configures rules in the kernel that allow and disallow traffic through the system. Shorewall is configured through a group of plain text configuration files and does not have a graphical user interface , though a Webmin module is available separately. A monitoring utility packaged with Shorewall can be used to watch the status of the system as it operates and assist in testing. Use Shorewall is mainly used in network installations as opposed to a personal firewall personal computer firewall , since most of its strength lies in its ability to work with zones , such as the Demilitarized zone computing DMZ or a net zone. Each zone would then have different rules, making it easy to have for example relaxed rules on the ... more details
Infobox person image Harald Welte 27C3.jpg image size 220px birth date 1979 residence Berlin, Germany nationality German occupation Programmer website http laforge.gnumonks.org weblog Harald Welte born 1979 is a programmer resident in Berlin, Germany . Within the free software community , Welte is well known as a Hacker free and open source software hacker of the Linux kernel and for his activities in enforcing the GNU General Public License GPL , the license that governs the use of much of free software . Welte is also involved in a number of free software projects, such as Openmoko , a version of Linux for completely open, low cost, high volume phones and the netfilter iptables project the core firewall mechanism in Linux based firewall computers and routing devices . He is an active member of the Chaos Computer Club . Linux kernel development Until 2007, Welte was the chairman of the core team responsible for the netfilter iptables project. ref cite web url http www.netfilter.org about.html history title Project history work About the netfilter iptables project ref He is also credited with writing the UUCP over Secure Sockets Layer SSL how to , and contributions to User mode Linux and international encryption kernel projects, among others. GPL enforcement Welte has become prominent for his work with gpl violations.org an organisation he set up in 2004 ref cite web url http www.ftd.de karriere management recht steuern recht steuern software harald gegen goliath 398129.html title Software Harald gegen Goliath ref to track down and prosecute violators of the GPL, which had been untested in court until then. Openmoko Welte was Lead System Architect for Openmoko , a project to create a smartphone platform using free software. ref cite web url http www.linuxdevices.com news NS2986976174.html title Cheap, hackable Linux smartphone due soon ref It uses the Linux kernel , together with a graphical user environment built using X.Org Server , and the Matchbox window manager ... more details
APF may refer to In technology APF Imagination Machine , a video game console and home computer system Advanced Policy Firewall , is a policy based iptables firewall system Atomic packing factor , in crystallography All Plastic Fiber, used in TOSLINK http www.digikey.com Web 20Export Supplier 20Content Toshiba 264 PDF Toshiba BCE0037 catalog.pdf page6 Other African Parks Foundation , a private park management institution in Africa that takes on the actual long term management responsibility of parks, in public private partnerships with Governments Aircraft Purchase Fleet Akshaya Patra Foundation , foundation for midday meal program in India Alicia Patterson Foundation , an annual journalism award American Party of Florida American Police Force , or its new name American Private Police Force, is a private military company Anglican Pacifist Fellowship , a religious group, established in 1937, opposing war Animal Protein Factor , a growth stimulant for young animals Anti Privatisation Forum , established in July 2000 Appleford railway station , from its National Rail Asociaci n Paraguaya de F tbol , the Paraguayan Football Association Assembl e parlementaire de la Francophonie , an international association of French speaking parliaments Australian Pharmaceutical Formulary Australian Privacy Foundation , a NGO formed for the purpose of protecting the privacy rights of Australians Authorized program facility , a service controlling the access to privileged z OS system functions Azerbaijan Popular Front , a political party in Azerbaijan Naples Municipal Airport , from its IATA airport code All Pro Football See also AFP disambiguation disambig de APF fr APF it APF ja APF ... more details
Netfilter iptables GPL Free Linux kernel module Norton 360 Proprietary software Proprietary ? Microsoft ... yes yes yes rh Juniper Networks yes yes yes yes yes yes yes yes yes rh Linux Netfilter iptablesiptables ... selected protocols only yes yes yes yes yes yes no yes yes yes rh Linux iptables yes yes with patch ... yes no no yes no yes yes no yes no yes NOTE Because Linux Iptables is text based firewall, you can ..., SSH, Web webmin , X Win32 GUI fwbuilder , RS232 yes yes rh Linux iptables both Telnet, SSH, Web webmin ... Linux Iptables and Cisco ACL are text based firewalls, you can centrally manage them all at once ... but deprecated on Linux. rh Linux iptables yes yes , with Snort Inline, Ossec yes yes Both Linux ... more details
Infobox Software name ipf logo caption screenshot developer Darren Reed latest release version 5.1.1 latest release date January 30, 2012 operating system FreeBSD , NetBSD , Solaris operating system Solaris , Linux , HP UX , ... genre Packet filtering license GPLv2 website http coombs.anu.edu.au avalon http coombs.anu.edu.au avalon IPFilter commonly referred to as ipf is an open source software package that provides firewall networking firewall services and network address translation NAT for many UNIX like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall . IPFilter is delivered with FreeBSD , NetBSD , Solaris operating system Solaris 10 & 11 . The current source code that can be accssed via sourceforge is covered by GPLv2. IPFilter can be installed as a runtime loadable kernel module or directly incorporated into the operating system Kernel computer science kernel , depending on the specifics of each kernel and user preferences. The software s documentation recommends the module approach, if possible. Operating system s that are known to support IPFilter include the following IBM AIX operating system AIX 5.3 ML05 BSD OS 1.1 4 DragonFlyBSD 1.0 2.10 FreeBSD 2.0.0 9.0 IRIX 6.2, 6.5 HP UX 11.00 Linux kernel 2.4 2.6 NetBSD 1.0 5.0 OpenBSD 2.0 2.9 no support since May 2001 OpenSolaris QNX 6 port Solaris operating system Solaris 2.3 11 SunOS 4.1.3 4.1.4 Tru64 5.1a See also iptables ipfirewall ipfw PF firewall References References External links http coombs.anu.edu.au avalon IPFilter Homepage http sourceforge.net projects ipfilter IPFilter Source Code http www.phildev.net ipf The IPFilter FAQ by Phil Dibowitz http www.obfuscation.org ipf IPFilter How To http www.uk.freebsd.org doc en US.ISO8859 1 books handbook firewalls ipf.html FreeBSD handbook The IPFILTER IPF Firewall Firewall software Unix stub Network software stub Category Internet Protocol based network software Categor ... more details
The evil bit is a fictional IPv4 header information technology packet header field proposed in RFC 3514, a humorous April Fools Day RFC from 2003 authored by Steven M. Bellovin Steve Bellovin . The Request for Comments RFC recommended that the last remaining unused bit in the IPv4 packet header be used to indicate whether a packet had been sent with malicious intent, thus making computer security engineering an easy problem simply ignore any messages with the evil bit set. Influence The evil bit has become a synonym for all attempts to seek simple technical solutions for difficult human social problems, in particular efforts to implement Internet censorship using simple technical solutions. The evil bit also became a noteworthy in joke in Slashdot . News about the publication of this RFC was posted in Slashdot dozens of times, reworded each time, among other April Fools Day April Fools stories, poking humour at the common criticism of Slashdot often posting duplicate stories. As a joke, FreeBSD implemented this on the same day but removed the changes on the following day. ref http lists.freebsd.org pipermail cvs all 2003 April 001098.html Implementation , http lists.freebsd.org pipermail cvs all 2003 April 001295.html removal ref A Linux patch implementing the iptables module ipt evil was posted the next year ref http lists.netfilter.org pipermail netfilter devel 2004 April 014854.html ipt evil, kernel part ref . Furthermore, a patch for FreeBSD 7 is available ref http unix.derkeiler.com Mailing Lists FreeBSD hackers 2008 04 msg00071.html RFC3514 for FreeBSD7 ref and is kept up to date. There is extension for Extensible Messaging and Presence Protocol XMPP protocol http xmpp.org extensions xep 0076.html XEP 0076 Malicious Stanzas , inspired by evil bit. This RFC has also been quoted in the otherwise completely serious RFC 3675, .sex Considered Dangerous , which may have caused the proponents of .xxx to wonder whether the Internet Engineering Task Force IETF was comm ... more details
Infobox software name nufw logo Image Nupik.png caption screenshot developer NuFW Core Team latest release version 2.2.20 latest release date December 10, 2008 operating system Linux genre Packet filtering license GNU General Public License website http www.nufw.org www.nufw.org NuFW is a GNU General Public License GPL extension to Netfilter , a Linux Firewall computing firewall . It adds authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance. NuFW has been restarted by the FFI and renamed into UFWI. Introduction NuFW UFWI is an extension of Netfilter which brings the notion of user to IP filtering. NuFW UFWI can Authenticate any connection that goes through your gateway or only from to a chosen subset or a specific protocol iptables is used to select the connections to authenticate . Perform accounting, routing and Quality of service QOS based on users and not simply on IPs. Filter packets with criteria such as application and OS used by distant users. Be the key of a secure and simple Single sign on Single Sign On system. Principles NuFW UFWI refuses the idea of IP user as an IP address can easily be Spoofing attack spoofed . It thus uses its own algorithm to perform authentication. It depends on two subsystems Nufw which is connected to Netfilter and Nuauth which is connected to clients and Nufw. The algorithm is the following Image Algorythm.png A standard application sends a packet. The Nufw client sees that a connection is being initiated and sends a user request packet. The Nufw server queues the packet and sends an auth request packet to the Nuauth server. The Nuauth server sums the auth request and the user request packet and checks this against an authentication authority. The Nuauth server sends answer back to the Nufw server The Nufw server transmits the packet following the answer given to its request. This algorithm realizes an A Posteriori authentication of the connection. As there is no ... more details
Sentry Firewall is a free open source network Firewall computing firewall Linux distribution that was first published in 2001 and has been the subject of multiple magazine reviews Citation needed date September 2009 . ref Linux Journal Magazine, http www.linuxjournal.com article 4826 Focus on Software, Security Applications ref ref http linux mag.com Linux Magazine , Sentry Firewall CD Simple Safety , May 2004 issue, page 56 print only ref The distribution is particularly notable because it consists solely of a bootable CD ROM that is designed to be used in a computer with no hard disk. Configuration information is retrieved at boot time by automatically searching on an attached floppy disk drive , USB flash memory drive , or another server on the local network willing to provide the configuration. Overview Sentry Firewall starts from CD ROM and immediately constructs a RAM disk in the computer s memory. Before the system fully boots, a script searches for removable media containing a file called sentry.conf . If that file is found, it may contain detailed instructions and a list of files to be copied from the removable media to the RAM disk before the system is finally allowed to boot. The CD ROM is pre loaded with a variety of configurable network tools, including iptables . Because the RAM disk is created each time the machine boots, it is possible to recover from any sort of problem simply by booting reboot ing the machine. From a security perspective, this is compelling because the machine essentially becomes immune to viruses or file corruption or at least the effects of either problem can t survive a reboot. Configuration While basic Linux familiarity is necessary to configure a basic set of files necessary to use the firewall, there exists Windows programs capable of creating the bulk of the configuration scripts based on interaction with a graphical user interface. http fwbuilder.org Firewall Builder is one such example this program also works with other fi ... more details
Encyclopedia
top
