If you need a tool for filtering protocols that doesn’t depend on the port, try L7, an IPTables patch that operates through regular expressions.
Traditional firewalls decide whether to allow or reject packets based on IP addresses, TCP flags, MAC addresses, ports, and other criteria that reside in OSI layers two through four. Experienced admins can probably type commands like iptables -A FORWARD -i $IF -o $OF -p tcp --dport 80 --syn -j ACCEPT standing on their heads. But what if the web server listens on port 8500 rather than port 80? Or if a gaming server misuses this port? Peer-to-peer applications are even worse, as there is no way of predicting the ports they will use. And VoIP makes the chaos complete with Real Time Protocol (RTP), which definitely takes liberties when assigning UDP ports.
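The contrast between port-based and payload-based decisions, as an added example that is not code from the article or from the L7 project: it classifies a connection by running regular expressions over the first bytes of its payload, and compares that with what the destination port alone suggests. The signatures, the port table, the 2048-byte buffer cap, and the sample flows are assumptions constructed for this illustration.

```python
import re

# Simplified signatures written for this example (assumptions, not L7's own pattern files).
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("ssh", re.compile(rb"^SSH-[12]\.[0-9]+-")),
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
]
PORT_TABLE = {80: "http", 22: "ssh"}   # what a port-only rule set assumes
MAX_BYTES = 2048                       # assumed cap on payload buffered per connection


def classify_by_port(dport):
    """Layer-4 view: the destination port is the only evidence."""
    return PORT_TABLE.get(dport, "unknown")


def classify_by_payload(segments):
    """Layer-7 view: match the accumulated start of the stream, segment by segment."""
    buf = b""
    for seg in segments:
        buf = (buf + seg)[:MAX_BYTES]
        for name, rx in SIGNATURES:
            if rx.search(buf):
                return name
        if len(buf) >= MAX_BYTES:
            break  # give up instead of buffering an unclassifiable stream forever
    return "unknown"


# Constructed sample connections: (label, destination port, client payload segments)
FLOWS = [
    ("web server on 8500", 8500, [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"]),
    ("request split in two", 8500, [b"GE", b"T / HTTP/1.0\r\n\r\n"]),
    ("P2P handshake on 80", 80, [b"\x13BitTorrent protocol" + b"\x00" * 8]),
    ("opaque bytes on 80", 80, [b"\x00\x01\x02\x03" * 4]),
]


def compare(flows=FLOWS):
    """Return (label, port verdict, payload verdict) for every flow."""
    return [(label, classify_by_port(p), classify_by_payload(s)) for label, p, s in flows]


if __name__ == "__main__":
    for label, by_port, by_payload in compare():
        print(f"{label:22} port-based={by_port:8} payload-based={by_payload}")
```

Regex matches of this kind are heuristic and can produce false positives and false negatives, so treat the resulting label as classification input rather than proof of the protocol in use.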