// LinuxTag 2004

The future of linux packet filtering

Harald Welte


The netfilter/iptables system is about three years old. With Linux kernel 2.4.x being deployed widely during the last two years, lots of systems worldwide are using netfilter/iptables as their packet filtering subsystem.

netfilter/iptables is no doubt a big improvement over the old ipchains system in the 2.2.x kernels. However, as with any project, after wide deployment for some time we start to discover aspects that can be implemented more cleanly and more efficiently.

The constant innovation and development of new applications and protocols (like SIP) on the internet also place new requirements on the Linux packet filter. Is it thus time for yet another generation of the Linux packet filtering subsystem? Will the tradition of change (ipfwadm->ipchains->iptables->?) be continued? Or can we integrate all necessary changes within the current framework?

The presentation will summarize the problems with the current netfilter/iptables implementation and describe the proposed solutions. It is directed at system and network administrators, so some knowledge about packet filters and iptables might be helpful.

About the author

Harald Welte is one of the five netfilter/iptables core team members, and the current Linux 2.4.x firewalling maintainer. His main interest in computing has always been networking. In the little time left besides netfilter/iptables related work, he's writing obscure documents like the UUCP over SSL HOWTO. Other kernel-related projects he has been contributing to are user mode linux and the international (crypto) kernel patch.

In the past he has been working as an independent IT Consultant working on closed-source projects for various companies ranging from banks to manufacturers of networking gear. During 2001 he was living in Curitiba (Brazil), where he got sponsored for his Linux related work by Conectiva Inc.

Starting with February 2002, Harald has been contracted part-time by Astaro AG, who are sponsoring him for his current netfilter/iptables work. Harald is living in Berlin, Germany.


Imprint // © 2003 LinuxTag e.V.