If you need a tool for filtering protocols that doesn’t depend on the port, try L7, an IPTables patch that operates through regular expressions.
Traditional firewalls decide whether to allow or reject packets based on IP addresses, TCP flags, MAC addresses, ports, and other criteria that reside in OSI layers two through four. Experienced admins can probably type commands like iptables -A FORWARD -i $IF -o $OF -p tcp --dport 80 --syn -j ACCEPT standing on their heads. But what if the web server listens on port 8500 rather than port 80? Or if a gaming server misuses this port? Peer-to-peer applications are even worse, as there is no way of predicting the ports they will use. And VoIP makes the chaos complete with Real Time Protocol (RTP), which definitely takes liberties when assigning UDP ports.
Get 3 Issues + 3 DVDs for the price of a single issue!
Let Linux Magazine's hands-on, technical articles guide you in your daily Linux use. Check out bonus DVDs like Ubuntu, SUSE, or Fedora and save the download.
Only available for a limited time. Don't miss out!
Comments