Linux firewall facilities
for kernel-level packet screening

Jos Vos
Willy Konijnenberg

X/OS Experts in Open Systems BV
Kruislaan 419
1098 VA Amsterdam
The Netherlands

NLUUG Spring Conference 1996
De Reehorst, Ede, The Netherlands
May 8-9, 1996


The freely available Linux operating system includes a number of facilities for efficient kernel-level IP packet filtering and screening. The acceptance and forwarding of IP packets can be regulated by specifying filter rules that match on packet and network device characteristics, such as IP addresses, port numbers, IP flags, and incoming or outgoing interfaces. Linux also provides a facility comparable (to some extent) to transparent proxies (not requiring any changes for users or application software), which is implemented as part of the IP firewall module and can be configured using a similar set of rules.

Note that this paper is based on Linux 1.3.88 and ipfwadm 2.0, describing the situation in April 1996.
A revision of this paper for Linux 2.0.x and ipfwadm 2.3.0 is planned, but not yet available.

Copyright © 1996 by X/OS Experts in Open Systems BV. All rights reserved.