Netfilter 框架由Rusty Russell 于 1998 年创建。它是linux内核的一个子系统，在2000年3月合并 linux 内核，Netfilter采用模块化设计，具有良好的可扩充性，提供扩展各种网络服务的结构化底层框架，你可以在网络堆栈中的数据包遍历过程中的各个点（netfilter hooks）注册 ...

When deciding on a firewall implementation, most Unix-savvy administrators have usually chosen to use ipfilter on OpenBSD for their combination of capabilities and stability, as the capabilities of ...

Netfilter （配合 iptables）使得用户空间应用程序可以注册内核网络栈在处理数据包时应用的处理规则，实现高效的网络转发和过滤。很多常见的主机防火墙程序以及 Kubernetes 的 Service 转发都是通过 iptables 来实现的。 关于 netfilter 的介绍文章大部分只描述了抽象的 ...

Every self-respecting Linux guru should be familiar with firewalls and how to install and configure them. With this in mind, Linux gurus also should be curious about how firewalls function and how to ...

Nick Gregory, a Sophos threat researcher, found this hole recently while checking netfilter for possible security problems. Gregory explains in great detail his bug hunt, and I recommend it for those ...

Abstract. NAT gateway is an important network system in today's IPv4 network when translating a private IPv4 address to a public address. However, traditional NAT system based on Linux Netfilter ...

Following the publication of “Taming the Wild Netfilter” in the September 2001 issue of LJ [/article/4815], I received a number of e-mails, most asking for more detailed information on working with ...

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system. The CVE-2023-32233 ...

Sophos researcher Nick Gregory has uncovered a dangerous security bug in Linux's netfilter application which could enable a local attacker to escalate privileges on vulnerable machines and carry out a ...

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw.