Linux NetFilter
This is my old and outdated Linux NetFilter page. However, people
still ask me for the promiscuous patch. So here it is.
I work a lot with the new Linux 2.4 firewalling code, which is called NetFilter.
It is a very nice framework (hoorah for the NetFilter core team), not only for
firewalling but also for accounting, packet capturing and packet mangling within
the network.
The official NetFilter homepage can be found
at http://netfilter.samba.org
The previous version of the firewalling code, before Linux 2.4, was called
IPChains and can be found at http://netfilter.samba.org/ipchains/
A nice tool for NetFilter is ULOG, which can be found here.
I have written some NetFilter modules myself. The first one adds a new
promiscuous hook which receives all packets destined for other hosts while
the NIC is in promiscuous mode. This new hook is included in a new
table called 'meter'. It works quite stably with iptables-1.2.3.
Download
netfilter-prom-patch.tgz
The
second module matches RTP packets both over UDP and over TCP. The RTP
over UDP classifier is quite stable while the RTP over TCP classifier
is experimental. I have tested both with iptables-1.2.3.
Download
netfilter-rtp-patch.tgz
I have modified the existing ToS match to allow more flexible matching, in
particular to allow for classification with arbitrary DSCPs. I have
tested the patch with iptables-1.2.3.
Download
netfilter-tos-patch.tgz