


Have you ever wondered how to drop a packet in Linux OS? Well, there are a few methods to do it. In this blog post we want to share them with you. These methods are not restricted to just firewall rules and can be divided into six main categories:

Iptables - responsible for filtering packets handled by the TCP/IP stack
Ebtables - the same as above, but mostly focused on layer 2 (the comparison between ISO/OSI and TCP/IP models is presented in our blog post)
Nftables - successor of iptables+ebtables
Ip rule - a tool designed to build advanced routing policies
IP routing - transferring packets according to the routing table
QoS - using the tc filter command designed for QoS filtering
Filtration on OSI layer 7 using a user space application
BGP Flow Spec (how to deploy iptables’ rules using BGP protocol).

Before we begin - a quick reminder about packet flow in the Linux kernel:

Iptables is the most popular method when it comes to processing packets in Linux. Filtering rules can be divided into 2 types which differ considerably: stateful and stateless. Using stateful filtration allows the packet to be analyzed in the context of the session status, e.g.
