Re: ULOG vs. NFQUEUE

Hi,

On Friday, 30 November 2007 at 15:06 -0800, Gilad Benjamini wrote:
> I read about ULOG and NFQUEUE in the man page, and there is something
> I don't understand, and that is, why is NFQUEUE needed.
> If I understand this correctly, a ULOG target with no prefix, that
> sends the entire packet to userland, and is followed by an equivalent
> DROP rule, does the same thing as NFQUEUE.
> Doesn't it ?
> I admit that I am no big expert on nfnetlink_queue. Could I be missing
> something there ?

You're missing the whole thing.

NFQUEUE is a terminal target where userspace takes the decision on
accepting or dropping the packet. It is used by projects like
snort-inline (http://snort-inline.sourceforge.net/) or nufw
(http://www.nufw.org) to improve Netfilter's filtering capabilities.
Snort-inline adds IPS capabilities to Netfilter and NuFW adds
identity-based rules.

ULOG (or NFLOG) is a non-terminal target which is used for logging
purposes. The packet is sent to user space, but there is no user space to
kernel space interaction.

BR,
-- 
Eric Leblond <eric@xxxxxx>
INL

Attachment: signature.asc
Description: This is a digitally signed message part
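As an added example (not part of Eric's reply, and not code from snort-inline or NuFW), here is the distinction in working form: a userspace verdict engine of the kind NFQUEUE allows, next to a logging consumer of the kind NFLOG allows. `verdict()` parses the IPv4/TCP header of the packet the kernel hands over and returns NF_DROP or NF_ACCEPT; `log_copy()` only records a copy and has no verdict to give. The blocked byte patterns, the packets built by `build_tcp_packet()` and the `run_nfqueue()` glue are assumptions made for this example; the glue assumes the `netfilterqueue` Python binding, root, and an `iptables ... -j NFQUEUE --queue-num 0` rule. Everything except `run_nfqueue()` runs offline.

```python
import socket
import struct

# Verdict values from <linux/netfilter.h>; these are what an NFQUEUE handler
# returns to the kernel. A ULOG/NFLOG listener has nothing to return.
NF_DROP = 0
NF_ACCEPT = 1

# Constructed example signatures (an assumption for this example, in the spirit
# of an inline IPS such as snort-inline): TCP payloads containing one of these
# byte strings are refused by the userspace decision engine.
BLOCKED_PATTERNS = (b"/etc/passwd", b"cmd.exe")


def parse_ipv4_tcp(pkt):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto = pkt[9]
    if proto != 6 or len(pkt) < ihl + 20:
        return None
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    doff = (pkt[ihl + 12] >> 4) * 4          # TCP data offset, in bytes
    payload = pkt[ihl + doff:total_len]
    return src, dst, sport, dport, payload


def verdict(pkt):
    """The userspace decision NFQUEUE makes possible: inspect, then ACCEPT or DROP."""
    parsed = parse_ipv4_tcp(pkt)
    if parsed is None:
        return NF_ACCEPT                       # not inspected here; let it continue
    _src, _dst, _sport, _dport, payload = parsed
    if any(pat in payload for pat in BLOCKED_PATTERNS):
        return NF_DROP
    return NF_ACCEPT


def log_copy(pkt, sink):
    """What a ULOG/NFLOG consumer can do: record a copy. It returns no verdict,
    because by the time userspace sees the copy the kernel has already moved on."""
    parsed = parse_ipv4_tcp(pkt)
    if parsed is not None:
        src, dst, sport, dport, payload = parsed
        sink.append("%s:%d -> %s:%d %d bytes" % (src, sport, dst, dport, len(payload)))
    return None


def build_tcp_packet(src, dst, sport, dport, payload):
    """Constructed minimal IPv4/TCP packet (checksums left zero) for offline tests."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def run_nfqueue(queue_num=0):
    """Attach verdict() to a kernel queue. Assumptions (not from the original post):
    the 'netfilterqueue' Python binding is installed, this runs as root, and a rule
    such as  iptables -A INPUT -p tcp -j NFQUEUE --queue-num 0  is in place."""
    from netfilterqueue import NetfilterQueue

    def on_packet(packet):
        # The kernel holds this packet until one of these two calls is made.
        if verdict(packet.get_payload()) == NF_DROP:
            packet.drop()
        else:
            packet.accept()

    nfq = NetfilterQueue()
    nfq.bind(queue_num, on_packet)
    try:
        nfq.run()
    finally:
        nfq.unbind()


if __name__ == "__main__":
    run_nfqueue()
```

The practical consequence of the difference: with NFQUEUE the kernel parks every matching packet until `on_packet()` answers, so a slow or crashed handler stalls traffic, and packets hitting an NFQUEUE rule with no program bound to the queue are dropped (newer iptables offers `--queue-bypass` to accept them instead). With ULOG/NFLOG the packet has already been accepted or dropped by the rest of the ruleset before the copy reaches `log_copy()`, which is exactly why a ULOG rule followed by DROP cannot do what NFQUEUE does.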

