Firewall
How to secure a Linux system
Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.
Summary
Every Linux system will benefit from more security, especially if it contains sensitive data. With so many resources available on the internet, one might think that securing Linux has become easy. We know it is not.
Linux system hardening takes a good amount of understanding about how the Linux kernel works. It also requires a good understanding of the operating system principles. In this guide, we will help you to get this understanding and provide you with tips and tools. The final result should be a secure Linux server or desktop system.
BPFILTER: the next-generation Linux firewall
BPFILTER is one of the newer features to provide traffic filtering. Learn how it works and why it may replace iptables as the firewall on Linux systems.
Summary
The Linux community has a continuous drive to enhance the GNU/Linux kernel. When we look at network traffic filtering, we moved from ipchains to iptables. More recently we saw the introduction of nftables. Next in line is BPFILTER, part of the development work for the Linux 4.18 kernel.
What is BPFILTER?
BPFILTER is short for BPF-based packet filtering framework. In other words, it is a framework that does packet filtering and is based on BPF. Interestingly, BPF itself is an acronym for Berkeley Packet Filter. So it is clear that packet filtering is an important part of this feature.
Beginners guide to traffic filtering with nftables
The replacement for iptables is known as nftables. In this article, we learn how to install and configure nftables to secure your Linux systems.
Summary
Learn how to use nftables in this introductory guide to the tool, with common examples, frequently asked questions, and generic tips.
Ubuntu system hardening guide for desktops and servers
Step by step guide to secure any Ubuntu desktop or server. Harden your Ubuntu during installation and afterwards with the available security tips.
Summary
The hardening process of a system is critical during and after installation. It helps the system to perform its duties properly. This blog post shows you several tips for Ubuntu system hardening. It will dive into the most critical steps to take first. Then more specific hardening steps can be added on top of these. As most security guides only tell you what to do, we will also go into more detail on why a specific security measure is important. This way you can make educated decisions on which steps you want to take and which ones to skip. After all, each system is different.
Differences between iptables and nftables explained
An overview of the differences between firewall technologies iptables and nftables. We highlight the major differences like simplicity and management.
Summary
The seasoned Linux administrator will be familiar with iptables, the network traffic filter. If you ever configured a Linux system with an ethernet bridge configuration, you might even have worked with ebtables. Or possibly you wanted to filter ARP traffic and used arptables? Newcomer nftables has arrived, with the purpose of replacing iptables, ip6tables, ebtables and arptables. As with every big upcoming change, it is good to know the differences. We explain what makes nftables different to iptables, and why you want to adopt it in the near future.
Linux vulnerabilities: from detection to treatment
How to deal with Linux vulnerabilities? This article shares the insights, methods, and tools to help with detection and prevention on Linux systems.
Summary
If you have worked with a computer in the last decade, you know the importance of keeping your software up-to-date. Those who don’t are stacking up vulnerabilities, waiting for them to be exploited by others. Although Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it. This guide explains what is available, from vulnerability to treatment.
Exporting nftables rules and configuration
Nftables has an easy way to export firewall rules via the nft command line utility. Let's discover the options.
Summary
The usage of nftables will slowly grow in the upcoming years, with the goal to become the successor of iptables. Where iptables rules are harder to parse, nftables comes by default with an exporting facility. Export formats include JSON and XML.
Command syntax
When using the command line utility nft for the first time, it looks a little bit unfriendly to the user. There are no suggestions on what to do, nor clear help on often used commands. To save you some time, we will look into the nftables commands and document them for easy access later on. We are sure the utilities of nftables, with nft in particular, will get some work in the upcoming releases.