Spotlight | Reviews | Current Issue | Newsletter | Subscribe | Contact |
Departments

Partner Links
Website builder
WinWeb OnlineOffice
Shopping and price comparison with product reviews at dooyoo.co.uk

user friendly

CeBIT 2010 CFP

Linux Magazine is offering free booths for the CeBIT 2010 computer fair to selected open source projects. Apply Now!

  linux-magazine.com » Issues » 2006 » 64 » BEYOND THE PORT  

Print this page. Recommend
Slashdot it! Delicious Share on Facebook Tweet! Digg

Blocking protocols at Layer 7 with the L7 patch

BEYOND THE PORT

Author(s): JÖRG HARMUTH

If you need a tool for filtering protocols that doesn’t depend on the port, try L7, an IPTables patch that operates through regular expressions.

Traditional firewalls decide whether to allow or reject packets based on IP addresses, TCP flags, MAC addresses, ports, and other criteria that reside in OSI layers two through four. Experienced admins can probably type commands like iptables -A FORWARD -i $IF -o $OF -p tcp --dport 80 --syn -j ACCEPT standing on their heads. But what if the web server listens on port 8500 rather than port 80? Or if a gaming server misuses this port? Peer-to-peer applications are even worse, as there is no way of predicting the ports they will use. And VoIP makes the chaos complete with Real Time Protocol (RTP), which definitely takes liberties when assigning UDP ports.


Read full article as PDF »


Comments


Print this page. Recommend
Slashdot it! Delicious Share on Facebook Tweet! Digg
Related Articles
SINGING Building a Netfilter firewall module
NAME TRACER Insider Tips: Identd with Linux-based Servers
KEEP OUT! Building a dynamic blacklist with Netfilter's Recent module
Special Linux Magazine 3 for 1 Offer

Get 3 Issues + 3 DVDs for the price of a single issue!

Let Linux Magazine's hands-on, technical articles guide you in your daily Linux use. Check out bonus DVDs like Ubuntu, SUSE, or Fedora and save the download.

Only available for a limited time. Don't miss out!

more...

 

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2009 [Linux New Media USA, LLC]
Linux New Media web sites:
North America: [Linux Pro Magazine]
UK/Worldwide: [Linux Magazine]
Germany: [Linux-Magazin] [LinuxUser] [EasyLinux] [Linux-Community] [Linux Technical Review]
Eastern Europe: [Linux Magazine Poland] [Linux Community Poland] [Open Source DVD Poland]
International: [Linux Magazine Brazil] [EasyLinux Brazil] [Linux Magazine Spanish]
Corporate: [Linux New Media AG]