Unit 5.docx
Unit 5:
UNIX System V
Unix System V (pronounced: "System Five") is one of the first commercial versions of the Unix
operating system. It was originally developed by AT&T and first released in 1983. Four major
versions of System V were released, numbered 1, 2, 3, and 4. System V Release 4 (SVR4) was
commercially the most successful version, being the result of an effort, marketed as Unix System
Unification, which solicited the collaboration of the major Unix vendors. It was the source of
several common commercial Unix features. System V is sometimes abbreviated to SysV.
Linux Netfilter Architecture
I would like to briefly explain the structure of the Linux Netfilter architecture, how it works,
and how packets flow through a Linux machine.
What is a Firewall?
A firewall is a device, implemented in software or hardware, that filters the packets passing
through a network on the basis of rules and policies.
A firewall has two components: a packet filter and an application-level gateway. Both
technologies filter packets, depending on packet header and payload information. A packet
filter works up to layer 4 (the transport layer) of the TCP/IP model. To filter packets on the
basis of payload or data, an application-level gateway is used. I won't go into the details of
both; this article only aims to explain the packet filter architecture and how it works. For
background, look up the IPv4 header, TCP header, UDP header and ARP header on Wikipedia:
https://en.wikipedia.org/wiki/IPv4
How Does a Packet Filter Work?
A packet filter is the component of a firewall that filters packets according to specified rules.
The packet filter takes each packet and matches it against the rules specified with iptables (the
program used to configure the Linux kernel firewall): the header information of the packet is
compared with the features specified in each rule. If the header properties of the packet match
the features of a rule, the corresponding action for that rule is triggered. Remember that each
rule has two sub-components: the features, which hold all the information that is compared
against the packet header, and the target, which specifies the action, e.g. drop the packet, send
the packet to another rule chain, or accept the packet. Rules are evaluated in linear order, so
keep in mind that order is crucial. The default rule works like this: if none of the rules above
accepts the packet, the default accepts it, or the other way around; which of the two, accept or
deny, has to be specified manually.
Packet filters with rules (1.0 figure)
What is a Packet?
A packet is a chunk of information that flows through the internet. A packet also contains,
e.g. in its header, all the information that intermediate stations need to get it to its
destination.
For example, a TCP/IP packet may carry the sender IP address, receiver IP address, sender port
number, receiver port number and the protocol to which the packet is handed over on the
receiving side.
TCP/IP Packet (figure 1.1)
Netfilter Architecture and How It Works
The Netfilter architecture is an indispensable component of the firewall. Here I briefly explain
what chains are and how they work.
There are five chains, but we only need to know about three, which are crucial for this topic.
Whenever a packet comes to the machine or PC, it passes through a network interface card
(NIC), through which network traffic goes in or out.
As depicted above in figure 1.3, when a TCP/IP packet arrives at the network interface card it
is sent to the PREROUTING chain, where the decision is made whether the packet is destined
for a local process, or for another router or another interface. The routing decision depends on
the packet header information.
1. INPUT CHAIN: Used if the packet is destined for a local process (a process is code
executing at run time). The local process could be any application interacting with the
network, for example an application running on port 80.
2. OUTPUT CHAIN: If the packet is generated by a local process and is intended to go to
another machine, network, router, etc., it flows through the OUTPUT chain and then the
POSTROUTING chain, and is then handed over to the network interface card.
3. FORWARD CHAIN: If the packet comes in through a network interface and the routing
decision finds that it is intended not for the local machine but for another network
interface, in other words for another machine or router, then the packet goes through the
FORWARD chain, is then sent to POSTROUTING and lastly to the NIC.
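The chain selection and the linear, first-match rule evaluation described above, modelled in Python as an added example (not part of the original document, and not how the kernel is implemented). The addresses, rule sets and the names `pick_chain` and `evaluate` are constructed for illustration; PREROUTING and POSTROUTING are not modelled, and treating a local source address as "locally generated" is a simplification.

```python
import ipaddress

# Constructed sample data: addresses, ports and rules are illustrative only.
LOCAL_ADDRS = {"192.0.2.10"}          # addresses owned by this machine

def rule(target, **features):
    """A rule = features to compare with the header + a target (action)."""
    return {"features": features, "target": target}

def matches(features, pkt):
    for field, want in features.items():
        if field in ("src", "dst"):   # address features match on a network
            if ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(field) != want:
            return False
    return True

def pick_chain(pkt):
    """Routing decision: which of the three filter chains sees the packet."""
    if pkt["src"] in LOCAL_ADDRS:
        return "OUTPUT"               # assumption: local source = local process
    return "INPUT" if pkt["dst"] in LOCAL_ADDRS else "FORWARD"

def evaluate(chains, policies, pkt, chain=None):
    """Walk the chain top to bottom; the first ACCEPT/DROP match decides."""
    chain = chain or pick_chain(pkt)
    for r in chains[chain]:
        if not matches(r["features"], pkt):
            continue
        if r["target"] in ("ACCEPT", "DROP"):
            return r["target"]
        verdict = evaluate(chains, policies, pkt, r["target"])  # jump to another chain
        if verdict:
            return verdict
    return policies.get(chain)        # default policy; None for a user chain

web = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 80}
POLICIES = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "ACCEPT"}
ALLOW_FIRST = {"INPUT": [rule("ACCEPT", proto="tcp", dport=80),
                         rule("DROP", src="198.51.100.0/24")],
               "FORWARD": [], "OUTPUT": []}
DROP_FIRST = dict(ALLOW_FIRST, INPUT=ALLOW_FIRST["INPUT"][::-1])  # same rules, swapped

if __name__ == "__main__":
    print("allow rule first:", evaluate(ALLOW_FIRST, POLICIES, web))
    print("drop rule first: ", evaluate(DROP_FIRST, POLICIES, web))
```

The two rule sets contain identical rules; only their order differs, and the verdict for the same packet changes with it.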
I hope this is useful for getting to know the Netfilter architecture and how it works. For
practice, run "sudo iptables -v -L" on Linux; you will be able to see all three chains, and you
can experiment by setting up client and server machines.