Building a Netfilter firewall module


Article from Issue 71/2006

We’ll show you how to build your own Netfilter extension with this example of a musical firewall.

Netfilter is the Linux kernel subsystem behind firewall tools such as the famous Iptables. The Netfilter subsystem provides the structure for packet filtering and address translation by offering a series of hooks into the network protocol stack. You can find many commands, scripts, and front-end applications for accessing the Netfilter subsystem – including tools such as Shorewall and Firestarter, as well as the native Iptables – so you don’t have to be a programmer to access the powers of Netfilter. However, if you are ready for a little programming, you can use the built-in Netfilter hooks to create your own custom firewall modules.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • nftables

    Filter rules for firewalls can be tricky. As the successor to iptables, nftables simplifies the process of creating and maintaining firewall rules.

  • Nftables

    The nftables firewall utility offers a simpler and more consistent approach for managing firewalls in Linux.

  • Netfilter's Recent Module

    Netfilter’s Recent module builds a temporary blacklist to keep intruders off your network.

  • New Kernel Firewall Nftables to Succeed Netfilter

    The Netfilter team has long been mulling over rework of firewall code in the Linux kernel. Now team lead Patrick McHardy ends months of work by announcing nftables.

  • Bridgewall

    Firewalls are typically implemented as routers,but it doesn’t have to be that way. Bridging packet filters have a number of advantages,and you can add them to your network at a later stage without changing the configuration of your network components.

comments powered by Disqus