Книга: Linux Network Administrator Guide, Second Edition
IP Firewall Chains (2.2 Kernels)
Most aspects of Linux are evolving to meet the increasing demands of its users; IP firewall is no exception. The traditional IP firewall implementation is fine for most applications, but can be clumsy and inefficient to configure for complex environments. To solve this problem, a new method of configuring IP firewall and related features was developed. This new method was called "IP Firewall Chains" and was first released for general use in the 2.2.0 Linux kernel.
The IP Firewall Chains support was developed by Paul Russell and Michael Neuling.[63] Paul has documented the IP Firewall Chains software in the IPCHAINS-HOWTO.
IP Firewall Chains allows you to develop classes of firewall rules to which you may then add and remove hosts or networks. An artifact of firewall rule chaining is that it may improve firewall performance in configurations in which there are lots of rules.
IP Firewall Chains are supported by the 2.2 series kernels and are also available as a patch against the 2.0.* kernels. The HOWTO describes where to obtain the patch and provides lots of useful hints about how to effectively use the ipchains configuration utility.
- Setting Up Linux for Firewalling
- Kernel Configured with IP Firewall
- The ipchains Utility
- Chapter 6. Traversing of tables and chains
- Chapter 13. rc.firewall file
- User specified chains
- example rc.firewall
- explanation of rc.firewall
- Displacement of rules to different chains
- Setting up user specified chains in the filter table
- rc.firewall.txt script structure
- rc.firewall.txt