Le sam 19/04/2003 à 22:23, Jitin Sahni a écrit : > I have following questions regarding Netfilter/Iptables. [...] > 1. What Attacks does it protect against? Netfilter is a packet filter. So, it protects your networks as it provides network level access control. It also provides full NAT capabilities that are not really security feature, but are usually part of it. > 2. What are the Compatibility Issuses? Compatibility problems occurs on conntrack and NAT for protocols that includes address and ports negociation within the application flow. FTP and H323 are well known examples. Netfilter supports some of theses protocoles, but not all of them. Some of them are partially supported. > 3. Dow do we implement this technology? Install Linux 2.4 kernel based distribution, read HOWTOs and go on. > 4. How commonly is this used? Just have a look at what a packet filter is. Netfilter is mainly used to implement firewalls. > 5. when do you think one should use it? Mainly when you want to : . restrict network level access to your IS . provide NAT capabilities Many others features are available. See http://www.netfilter.org/ -- Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> IT systems and networks security - Cartel Sécurité Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
