Red Hat-Netfilter
From Grokdoc
Not for home users
This tool is not directly available to users. I have included a technical description of it below for more advanced reference. If you need access to a firewall, please use one of the other selections in this directory.
Netfilter is the core component of most Linux based firewalls.
This is the Linux kernel (2.4+) component that performs the firewall functionality and interfaces with user programs. The tools that interface with Netfilter (iptables being the usual one) are only used to set up the netfilter core; once the rules are loaded, every packet is filtered inside the kernel without any userspace involvement. There are two exceptions to this rule.
1. IP_QUEUE This is an extension to netfilter that lets a rule hand matching packets (via the QUEUE target) to a userspace program, which inspects each packet and returns a verdict (accept or drop), instead of the decision being made entirely within the netfilter core, which always runs in the kernel. On kernels from 2.6.14 onward the same job is done by nfnetlink_queue and the NFQUEUE target; the ip_queue module itself was removed in Linux 3.5.
This is very handy when you want a userspace program to inspect and manipulate the data stream inline. The two best-known examples are snort-inline and squid-inline. One caveat applies to both: a queued packet is held in the kernel until the userspace program answers, so a slow inspector adds latency to every queued connection, and if nothing is listening on the queue the packets are dropped (NFQUEUE has a --queue-bypass option to accept them instead).
Snort-inline detects worms and other malware on the wire and can drop packets and sessions that it judges dangerous to your network. For instance, if an attacker sends a buffer-overrun exploit at one of your servers, snort-inline can drop it before it reaches the intended destination.
Squid-inline makes it easy for users to use proxy services. If you have a restrictive network that only allows outbound traffic through the proxy, you may still need to support programs that do not natively speak to a proxy. In this case an inline (transparent) proxy intercepts the connection without either end realising it. In practice the interception is usually done with the REDIRECT or DNAT target in the nat table rather than by queuing packets to userspace; the proxy then sees an ordinary TCP connection.
2. ULOG The ULOG target copies matching packets to userspace over a netlink multicast socket so that a daemon (normally ulogd) can process them. The ordinary LOG target instead writes a one-line summary of the packet to the kernel log, which klogd/syslog eventually writes to /var/log/messages. ULOG lets you handle logged packets differently: write them to a database or a pcap file, rate-limit them, or keep firewall noise out of the system log altogether. ULOG only handles IPv4; on newer kernels the NFLOG target replaces it and also works for IPv6.
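The verdict model behind IP_QUEUE/NFQUEUE, as an added example that is not code from this page or from the snort-inline project: a userspace inspector that parses an IPv4/TCP packet handed up by the kernel, looks for a byte pattern in the payload, and answers ACCEPT or DROP. The signature table, the constructed sample packets and the `nfqueue_callback` adapter for the python-netfilterqueue module are assumptions for illustration; the decision logic itself runs stand-alone with no kernel access.

```python
import struct
import sys
from dataclasses import dataclass

ACCEPT, DROP = "ACCEPT", "DROP"

# Constructed signature table (assumption, not a real rule set): the classic
# x86 NOP sled that often precedes shellcode in a buffer-overrun payload.
SIGNATURES = {
    "x86 NOP sled": b"\x90" * 16,
}


@dataclass
class Verdict:
    action: str   # ACCEPT or DROP
    reason: str   # human-readable explanation for the log


def parse_ipv4_tcp(raw):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP packet, else None.

    Only the fields the inspector needs are decoded; options are skipped via
    the IHL and data-offset fields rather than assumed absent.
    """
    if len(raw) < 20 or raw[0] >> 4 != 4:          # not IPv4 (or truncated)
        return None
    ihl = (raw[0] & 0x0F) * 4                        # IP header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    if raw[9] != 6 or len(raw) < ihl + 20:           # protocol 6 == TCP
        return None
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    doff = (raw[ihl + 12] >> 4) * 4                  # TCP header length in bytes
    payload = raw[ihl + doff:total_len]
    return src, dst, sport, dport, payload


def inspect(raw):
    """The userspace half of the QUEUE model: one packet in, one verdict out."""
    parsed = parse_ipv4_tcp(raw)
    if parsed is None:
        # Fail open for traffic we do not understand; a stricter policy could DROP.
        return Verdict(ACCEPT, "not IPv4/TCP; not inspected")
    src, dst, sport, dport, payload = parsed
    for name, sig in SIGNATURES.items():
        if sig in payload:
            return Verdict(DROP, f"{name} from {src}:{sport} to {dst}:{dport}")
    return Verdict(ACCEPT, "no signature matched")


def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4/TCP packet for offline testing (constructed data).

    Checksums are left at zero because the packet is never put on the wire.
    """
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    tcp += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + tcp


def nfqueue_callback(pkt):
    """Adapter for python-netfilterqueue (assumed API: get_payload/accept/drop).

    The kernel holds the packet until one of these is called, so keep it fast.
    """
    verdict = inspect(pkt.get_payload())
    if verdict.action == DROP:
        print("DROP:", verdict.reason, file=sys.stderr)
        pkt.drop()
    else:
        pkt.accept()


if __name__ == "__main__":
    # Live mode (assumption): requires root and the python-netfilterqueue package,
    # plus a rule such as  iptables -I FORWARD -p tcp -j NFQUEUE --queue-num 0
    try:
        from netfilterqueue import NetfilterQueue
    except ImportError:
        sys.exit("netfilterqueue module not installed; only the offline functions are usable")
    queue_num = int(sys.argv[1]) if len(sys.argv) > 1 else 0
    nfq = NetfilterQueue()
    nfq.bind(queue_num, nfqueue_callback)
    nfq.run()
```

Because a verdict is required for every queued packet, `inspect` is written to fail open on anything it cannot parse; whether that is the right policy depends on what the rule queues. Queue only the traffic that needs deep inspection (for example `-p tcp --dport 80`) rather than everything, so that an inspector stall does not take the whole firewall path with it.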