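The Netfilter framework was created by Rusty Russell in 1998. It is a subsystem of the Linux kernel and was merged into the Linux kernel in March 2000. Netfilter has a modular design with good extensibility and provides a structured underlying framework for extending various network services. At various points in a packet's traversal of the network stack (netfilter hooks), you can register ...
Netfilter (together with iptables) lets user-space applications register the processing rules that the kernel network stack applies when handling packets, enabling efficient network forwarding and filtering. Many common host firewall programs, as well as Kubernetes Service forwarding, are implemented with iptables. Most introductory articles about netfilter only describe the abstract ...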
When deciding on a firewall implementation, most Unix-savvy administrators have usually chosen to use ipfilter on OpenBSD for their combination of capabilities and stability, as the capabilities of ...
Nick Gregory, a Sophos threat researcher, found this hole recently while checking netfilter for possible security problems. Gregory explains in great detail his bug hunt, and I recommend it for those ...
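Linux has had packet filtering since the 1.1 kernel. In the 2.0 kernel we used ipfwadm to manipulate the kernel's packet filtering rules. Later, in the 2.2 kernel, the familiar ipchains was used to control the kernel's packet filtering rules. In the 2.4 kernel we no longer use ipchains, but instead use a brand-new kernel packet filtering management tool: iptables.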
Every self-respecting Linux guru should be familiar with firewalls and how to install and configure them. With this in mind, Linux gurus also should be curious about how firewalls function and how to ...
A new Linux NetFilter kernel flaw has been discovered that allows unprivileged local users to escalate their privileges to root level, giving them complete control over a system. The CVE-2023-32233 ...
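Has anyone read "write new netfilter module"? After reading it I wrote one following the code in it, but it just will not compile and keeps throwing inexplicable warnings and errors. My system is redhat 9, the kernel has not been compiled, compiling This article discusses how module authors can use Netfilter hooks for arbitrary purposes, as well as how to take network communication in ...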
Sophos researcher Nick Gregory has uncovered a dangerous security bug in Linux's netfilter application which could enable a local attacker to escalate privileges on vulnerable machines and carry out a ...
Check Point Software Technologies has the largest market share of any firewall vendor with their Firewall-1 (FW-1) product, and Nokia manufactures several hardware appliances together with an ...