Taming the Wild Netfilter

Warren Togami warren at togami.com
Sun Aug 26 23:06:37 PDT 2001


http://www2.linuxjournal.com/lj-issues/issue89/4815.html

Article about the advantages of Netfilter in the Linux kernel 2.4 over
earlier versions of Linux.  Note that IPFilter had stateful inspection years
before Linux.

"The reason you'll want to upgrade to Netfilter is because it, unlike
ipchains or ipfwadm, is stateful. What this means is it can track
connections and permit incoming responses to outgoing requests without
creating gaping holes in the firewall. The connection tracking opens a
specific, temporary hole for responses and only from the contacted server.
We'll see how this works later. The drawback is that with connection
tracking in use, Netfilter will need to use a little more memory because the
connections are tracked in RAM. So your 4MB 386-16 may no longer be up to
the job, depending on your filtering requirements."
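The quoted paragraph's point (a reply is admitted only because the firewall remembers the outbound request that caused it, and only from the host that was contacted) can be shown with a small model. The following Python is an added example, not code from the article, the post, or Netfilter: it contrasts a stateless rule set, which has to admit any inbound packet with source port 80 to let web replies through, with a toy connection tracker that admits only the reverse of a recorded outbound flow and forgets it after a timeout. The addresses, ports and the 120-second timeout are constructed for illustration.

```python
"""Toy stateful packet filter beside a stateless one.

Constructed example: not code from the Linux Journal article or from
Netfilter.  Addresses, ports and the timeout are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the LAN, "in" = arriving from outside


LAN_HOST = "10.0.0.5"  # constructed internal address


def stateless_allows(pkt: Packet) -> bool:
    """ipchains-style rule: no memory of earlier packets.

    To let replies to outbound HTTP requests back in, a stateless filter
    must accept *any* inbound packet whose source port is 80.  Nothing
    ties such a packet to a request that was actually sent.
    """
    if pkt.direction == "out":
        return True
    return pkt.sport == 80


class ConnTracker:
    """Minimal connection tracker: remembers outbound flows and admits
    only their replies, and only while the entry is fresh."""

    def __init__(self, timeout: float = 120.0):
        self.timeout = timeout
        # flow tuple (src, sport, dst, dport) -> time last seen
        self._table: Dict[Tuple[str, int, str, int], float] = {}

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self._table.items() if now - seen > self.timeout]
        for k in stale:
            del self._table[k]

    def allows(self, pkt: Packet, now: float) -> bool:
        self._expire(now)
        if pkt.direction == "out":
            # Record the flow so that packets in the reverse direction,
            # from this peer only, are permitted for a while.
            self._table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self._table:
            self._table[reverse] = now  # refresh the entry
            return True
        return False


def demo() -> Dict[str, bool]:
    """Run both filters over a constructed request, its real reply, and an
    unsolicited packet from a host that was never contacted."""
    tracker = ConnTracker(timeout=120.0)
    request = Packet(LAN_HOST, 40000, "203.0.113.10", 80, "out")
    real_reply = Packet("203.0.113.10", 80, LAN_HOST, 40000, "in")
    unsolicited = Packet("198.51.100.7", 80, LAN_HOST, 40000, "in")

    tracker.allows(request, now=0.0)
    return {
        "stateless_real_reply": stateless_allows(real_reply),
        "stateless_unsolicited": stateless_allows(unsolicited),
        "stateful_real_reply": tracker.allows(real_reply, now=1.0),
        "stateful_unsolicited": tracker.allows(unsolicited, now=1.0),
        "stateful_after_timeout": tracker.allows(real_reply, now=500.0),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'ACCEPT' if verdict else 'DROP'}")
```

The stateless filter accepts the unsolicited packet because its only evidence is the source port; the tracker drops it because no outbound flow to that host exists, and it also drops the genuine reply once the entry has aged out, which is the memory cost the article mentions: every open flow occupies a table entry until it expires.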



More information about the LUAU mailing list