Netfilter

Beginners Guide to nftables Traffic Filtering

nftables is the replacement for iptables. In this introduction, we learn how to install and configure nftables to secure your Linux systems.

Summary of Beginners Guide to nftables Traffic Filtering

Traffic filtering with nftables

Many Linux administrators became familiar with iptables and ip6tables. Less familiar are tools like arptables and ebtables. Meet the successor of them all: nftables, a packet filtering framework with the goal of replacing all the previous ones. After reading this guide you will be able to set up your own firewall configuration. Step by step we will show how nftables works. Although no knowledge of iptables is needed, we will share some differences with iptables where applicable.


BPFILTER: the next-generation Linux firewall

BPFILTER is one of the newer features to provide traffic filtering. Learn how it works and why it may replace iptables as the firewall on Linux systems.

Summary of BPFILTER: the next-generation Linux firewall

The Linux community has a continuous drive to enhance the GNU/Linux kernel. When we look at network traffic filtering, we moved from ipchains to iptables. More recently we saw the introduction of nftables. Next in line is BPFILTER, part of the development work for the Linux 4.18 kernel.

What is BPFILTER?

BPFILTER is short for BPF-based packet filtering framework. In other words, it is a framework that does packet filtering and is based on BPF.
