Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Iptables101 coscup-2018
COSCUP2018 x openSUSE.Asia GNOME.Asia I am Hung-Wei Chiu Co-organizer of SDNDS-TW Co-organizer of CNTUUG I love Linux Netw...
COSCUP2018 x openSUSE.Asia GNOME.Asia How Many People Known Iptables?
COSCUP2018 x openSUSE.Asia GNOME.Asia Network Interface Card PREROUUTING Network Interface Card POSTROUUTING INPUT OUTPUT ...
COSCUP2018 x openSUSE.Asia GNOME.Asia We Don’t Focus On Those Table/Chain Today
COSCUP2018 x openSUSE.Asia GNOME.Asia User Space Kernel Space iptables ebtables application netlink/system call Kernel net...
COSCUP2018 x openSUSE.Asia GNOME.Asia iptables, a command-line tool
COSCUP2018 x openSUSE.Asia GNOME.Asia iptables Home: ○ https://www.netfilter.org/downloads.ht ml Git ○ git://git.netfilter...
COSCUP2018 x openSUSE.Asia GNOME.Asia We Focus On What Will Happen For Each Command
COSCUP2018 x openSUSE.Asia GNOME.Asia Do You Have Meet The Following Message?
COSCUP2018 x openSUSE.Asia GNOME.Asia Another app is currently holding the xtables lock. Perhaps you want to use the -w op...
COSCUP2018 x openSUSE.Asia GNOME.Asia Whathappen iptables command needs a communication between user and kernel space. It ...
COSCUP2018 x openSUSE.Asia GNOME.Asia Let Read The Source Code
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia v v
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia So, We Know The Iptables Use The File Lock
COSCUP2018 x openSUSE.Asia GNOME.Asia Do You Meet The Duplicated Rules ?
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia How Could We Solve This?
COSCUP2018 x openSUSE.Asia GNOME.Asia solution Custom chain ○ Use the ‘-F’ to flush all rules. Check before inserting rule...
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia How Could We Solve This?
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia Now, Let We Learn How To Flush The Rules.
COSCUP2018 x openSUSE.Asia GNOME.Asia c c c
COSCUP2018 x openSUSE.Asia GNOME.Asia First, we need to know how iptables works with kernel?
COSCUP2018 x openSUSE.Asia GNOME.Asia libiptc
COSCUP2018 x openSUSE.Asia GNOME.Asia libiptc Library which manipulates firewall rules Use the system call to interact wit...
COSCUP2018 x openSUSE.Asia GNOME.Asia workflows Initial the libiptc to fetch all current rules. Store those rules into a l...
COSCUP2018 x openSUSE.Asia GNOME.Asia workflows Initial the libiptc to fetch all current rules. In the iptables, we use a ...
COSCUP2018 x openSUSE.Asia GNOME.Asia initlibiptc Initial the libiptc to fetch all current rules.
COSCUP2018 x openSUSE.Asia GNOME.Asia c c
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia Now, we have the cache of the current rules.
COSCUP2018 x openSUSE.Asia GNOME.Asia Let We Flush Rules
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia c
COSCUP2018 x openSUSE.Asia GNOME.Asia Now, We Have Remove Rules From Cache
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia We Commit The Change After Any Commands
COSCUP2018 x openSUSE.Asia GNOME.Asia c
COSCUP2018 x openSUSE.Asia GNOME.Asia c
COSCUP2018 x openSUSE.Asia GNOME.Asia c
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia Now, We Have Flush The Rules.
COSCUP2018 x openSUSE.Asia GNOME.Asia Now, Let’s See What’s The Extension
COSCUP2018 x openSUSE.Asia GNOME.Asia Custom Match Field –m tcp –dport 1234
COSCUP2018 x openSUSE.Asia GNOME.Asia Custom Target Field –j AUDIT –type accept
COSCUP2018 x openSUSE.Asia GNOME.Asia User Space Kernel Space iptables extensions netlink/system call Kernel netfilter sys...
COSCUP2018 x openSUSE.Asia GNOME.Asia Architecture For each extension, you need to prepare two things. User-space library ...
COSCUP2018 x openSUSE.Asia GNOME.Asia For User-Space, iptables command should know how to parse arguments.
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia Howtoread Function ○ DNAT (upper) -> target ○ tcp (lower) -> match File naming Old s...
COSCUP2018 x openSUSE.Asia GNOME.Asia Now, We Take The Custom Match TCP as Example
COSCUP2018 x openSUSE.Asia GNOME.Asia Architecture iptables/extensions/libxt_tcp.c
COSCUP2018 x openSUSE.Asia GNOME.Asia Architecture iptables/extensions/libxt_tcp.c c
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia For Kernel-Space, There’re Some Kernel Modules In The System.
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia c
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia
COSCUP2018 x openSUSE.Asia GNOME.Asia v
COSCUP2018 x openSUSE.Asia GNOME.Asia Demo Time
COSCUP2018 x openSUSE.Asia GNOME.Asia summary The iptables system includes the user-space tool and kernel-space system. We...
COSCUP2018 x openSUSE.Asia GNOME.Asia iptables iptables need a file lock to protect the rules. iptables use the library (l...
COSCUP2018 x openSUSE.Asia GNOME.Asia User Space Kernel Space iptables extensions netlink/system call Kernel netfilter sys...
COSCUP2018 x openSUSE.Asia GNOME.Asia Extenstion For each iptables extension module, you should both user-space and kernel...
COSCUP2018 x openSUSE.Asia GNOME.Asia Thanks!
Upcoming SlideShare
Loading in …5
×

of

Understand the iptables step by step Slide 1 Understand the iptables step by step Slide 2 Understand the iptables step by step Slide 3 Understand the iptables step by step Slide 4 Understand the iptables step by step Slide 5 Understand the iptables step by step Slide 6 Understand the iptables step by step Slide 7 Understand the iptables step by step Slide 8 Understand the iptables step by step Slide 9 Understand the iptables step by step Slide 10 Understand the iptables step by step Slide 11 Understand the iptables step by step Slide 12 Understand the iptables step by step Slide 13 Understand the iptables step by step Slide 14 Understand the iptables step by step Slide 15 Understand the iptables step by step Slide 16 Understand the iptables step by step Slide 17 Understand the iptables step by step Slide 18 Understand the iptables step by step Slide 19 Understand the iptables step by step Slide 20 Understand the iptables step by step Slide 21 Understand the iptables step by step Slide 22 Understand the iptables step by step Slide 23 Understand the iptables step by step Slide 24 Understand the iptables step by step Slide 25 Understand the iptables step by step Slide 26 Understand the iptables step by step Slide 27 Understand the iptables step by step Slide 28 Understand the iptables step by step Slide 29 Understand the iptables step by step Slide 30 Understand the iptables step by step Slide 31 Understand the iptables step by step Slide 32 Understand the iptables step by step Slide 33 Understand the iptables step by step Slide 34 Understand the iptables step by step Slide 35 Understand the iptables step by step Slide 36 Understand the iptables step by step Slide 37 Understand the iptables step by step Slide 38 Understand the iptables step by step Slide 39 Understand the iptables step by step Slide 40 Understand the iptables step by step Slide 41 Understand the iptables step by step Slide 42 Understand the iptables step by step Slide 43 Understand the iptables step by step Slide 44 Understand the iptables step by step Slide 45 Understand the iptables step by step Slide 46 Understand the iptables step by step Slide 47 Understand the iptables step by step Slide 48 Understand the iptables step by step Slide 49 Understand the iptables step by step Slide 50 Understand the iptables step by step Slide 51 Understand the iptables step by step Slide 52 Understand the iptables step by step Slide 53 Understand the iptables step by step Slide 54 Understand the iptables step by step Slide 55 Understand the iptables step by step Slide 56 Understand the iptables step by step Slide 57 Understand the iptables step by step Slide 58 Understand the iptables step by step Slide 59 Understand the iptables step by step Slide 60 Understand the iptables step by step Slide 61 Understand the iptables step by step Slide 62 Understand the iptables step by step Slide 63 Understand the iptables step by step Slide 64 Understand the iptables step by step Slide 65 Understand the iptables step by step Slide 66 Understand the iptables step by step Slide 67 Understand the iptables step by step Slide 68 Understand the iptables step by step Slide 69 Understand the iptables step by step Slide 70 Understand the iptables step by step Slide 71 Understand the iptables step by step Slide 72 Understand the iptables step by step Slide 73 Understand the iptables step by step Slide 74 Understand the iptables step by step Slide 75 Understand the iptables step by step Slide 76 Understand the iptables step by step Slide 77 Understand the iptables step by step Slide 78 Understand the iptables step by step Slide 79 Understand the iptables step by step Slide 80
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.
Technology
Aug. 13, 2018
547 views

0 Likes

Share

Download to read offline

Understand the iptables step by step

Download to read offline

Technology
Aug. 13, 2018
547 views

Show how does the iptables works and use the source code to explain the workflow of iptables step by step. including the file-lock, the system call and the related command of iptables rules.
In the last, I also show the architecture of the iptables extension and use the demo to show how to write your own iptables modules.

Recommended

Related Books

Free with a 30 day trial from Scribd

See all
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4.5/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(2/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(3.5/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Island of the Lost: An Extraordinary Story of Survival at the Edge of the World Joan Druett
(4/5)
Free
Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate Rose George
(4/5)
Free
Carrying the Fire: 50th Anniversary Edition Michael Collins
(4.5/5)
Free
On War: With linked Table of Contents Carl von Clausewitz
(4.5/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell
(2.5/5)
Free
Liftoff: Elon Musk and the Desperate Early Days That Launched SpaceX Eric Berger
(5/5)
Free
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4.5/5)
Free
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(5/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4.5/5)
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free
Digital Renaissance: What Data and Economics Tell Us about the Future of Popular Culture Joel Waldfogel
(3.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P Williams
(4/5)
Free

  • Be the first to like this

Understand the iptables step by step

  1. 1. Iptables101 coscup-2018
  2. 2. COSCUP2018 x openSUSE.Asia GNOME.Asia I am Hung-Wei Chiu Co-organizer of SDNDS-TW Co-organizer of CNTUUG I love Linux Network/Kubernetes/SDN You can find me at: blog.hwchiu.com
  3. 3. COSCUP2018 x openSUSE.Asia GNOME.Asia How Many People Known Iptables?
  4. 4. COSCUP2018 x openSUSE.Asia GNOME.Asia Network Interface Card PREROUUTING Network Interface Card POSTROUUTING INPUT OUTPUT INPUT OUTPUT FORWARDRouting Routing LOCAL PROCESS DNAT
  5. 5. COSCUP2018 x openSUSE.Asia GNOME.Asia We Don’t Focus On Those Table/Chain Today
  6. 6. COSCUP2018 x openSUSE.Asia GNOME.Asia User Space Kernel Space iptables ebtables application netlink/system call Kernel netfilter system Network Interface Card Network Interface Card
  7. 7. COSCUP2018 x openSUSE.Asia GNOME.Asia iptables, a command-line tool
  8. 8. COSCUP2018 x openSUSE.Asia GNOME.Asia iptables Home: ○ https://www.netfilter.org/downloads.ht ml Git ○ git://git.netfilter.org/iptables.git
  9. 9. COSCUP2018 x openSUSE.Asia GNOME.Asia We Focus On What Will Happen For Each Command
  10. 10. COSCUP2018 x openSUSE.Asia GNOME.Asia Do You Have Meet The Following Message?
  11. 11. COSCUP2018 x openSUSE.Asia GNOME.Asia Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
  12. 12. COSCUP2018 x openSUSE.Asia GNOME.Asia Whathappen iptables command needs a communication between user and kernel space. It need a lock to make sure the consistence iptables will exit if it can’t acquire the lock by default. Use the –w option to wait the lock.
  13. 13. COSCUP2018 x openSUSE.Asia GNOME.Asia Let Read The Source Code
  14. 14. COSCUP2018 x openSUSE.Asia GNOME.Asia
  15. 15. COSCUP2018 x openSUSE.Asia GNOME.Asia
  16. 16. COSCUP2018 x openSUSE.Asia GNOME.Asia v v
  17. 17. COSCUP2018 x openSUSE.Asia GNOME.Asia
  18. 18. COSCUP2018 x openSUSE.Asia GNOME.Asia So, We Know The Iptables Use The File Lock
  19. 19. COSCUP2018 x openSUSE.Asia GNOME.Asia Do You Meet The Duplicated Rules ?
  20. 20. COSCUP2018 x openSUSE.Asia GNOME.Asia
  21. 21. COSCUP2018 x openSUSE.Asia GNOME.Asia How Could We Solve This?
  22. 22. COSCUP2018 x openSUSE.Asia GNOME.Asia solution Custom chain ○ Use the ‘-F’ to flush all rules. Check before inserting rule ○ Use the ‘-C’ to check. Modify the iptables to avoid duplicated rules.
  23. 23. COSCUP2018 x openSUSE.Asia GNOME.Asia
  24. 24. COSCUP2018 x openSUSE.Asia GNOME.Asia How Could We Solve This?
  25. 25. COSCUP2018 x openSUSE.Asia GNOME.Asia
  26. 26. COSCUP2018 x openSUSE.Asia GNOME.Asia
  27. 27. COSCUP2018 x openSUSE.Asia GNOME.Asia
  28. 28. COSCUP2018 x openSUSE.Asia GNOME.Asia
  29. 29. COSCUP2018 x openSUSE.Asia GNOME.Asia Now, Let We Learn How To Flush The Rules.
  30. 30. COSCUP2018 x openSUSE.Asia GNOME.Asia c c c
  31. 31. COSCUP2018 x openSUSE.Asia GNOME.Asia First, we need to know how iptables works with kernel?
  32. 32. COSCUP2018 x openSUSE.Asia GNOME.Asia libiptc
  33. 33. COSCUP2018 x openSUSE.Asia GNOME.Asia libiptc Library which manipulates firewall rules Use the system call to interact with kernel ○ GetSocketOpt ○ SetSocketOpt Maintain a cache for each iptables command.
  34. 34. COSCUP2018 x openSUSE.Asia GNOME.Asia workflows Initial the libiptc to fetch all current rules. Store those rules into a local cache Operates rules in that cache Commit the change to the kernel.
  35. 35. COSCUP2018 x openSUSE.Asia GNOME.Asia workflows Initial the libiptc to fetch all current rules. In the iptables, we use a handle (xtc_handle) to represent the cache.
  36. 36. COSCUP2018 x openSUSE.Asia GNOME.Asia initlibiptc Initial the libiptc to fetch all current rules.
  37. 37. COSCUP2018 x openSUSE.Asia GNOME.Asia c c
  38. 38. COSCUP2018 x openSUSE.Asia GNOME.Asia
  39. 39. COSCUP2018 x openSUSE.Asia GNOME.Asia
  40. 40. COSCUP2018 x openSUSE.Asia GNOME.Asia Now, we have the cache of the current rules.
  41. 41. COSCUP2018 x openSUSE.Asia GNOME.Asia Let We Flush Rules
  42. 42. COSCUP2018 x openSUSE.Asia GNOME.Asia
  43. 43. COSCUP2018 x openSUSE.Asia GNOME.Asia
  44. 44. COSCUP2018 x openSUSE.Asia GNOME.Asia
  45. 45. COSCUP2018 x openSUSE.Asia GNOME.Asia c
  46. 46. COSCUP2018 x openSUSE.Asia GNOME.Asia Now, We Have Remove Rules From Cache
  47. 47. COSCUP2018 x openSUSE.Asia GNOME.Asia
  48. 48. COSCUP2018 x openSUSE.Asia GNOME.Asia We Commit The Change After Any Commands
  49. 49. COSCUP2018 x openSUSE.Asia GNOME.Asia c
  50. 50. COSCUP2018 x openSUSE.Asia GNOME.Asia c
  51. 51. COSCUP2018 x openSUSE.Asia GNOME.Asia c
  52. 52. COSCUP2018 x openSUSE.Asia GNOME.Asia
  53. 53. COSCUP2018 x openSUSE.Asia GNOME.Asia Now, We Have Flush The Rules.
  54. 54. COSCUP2018 x openSUSE.Asia GNOME.Asia Now, Let’s See What’s The Extension
  55. 55. COSCUP2018 x openSUSE.Asia GNOME.Asia Custom Match Field –m tcp –dport 1234
  56. 56. COSCUP2018 x openSUSE.Asia GNOME.Asia Custom Target Field –j AUDIT –type accept
  57. 57. COSCUP2018 x openSUSE.Asia GNOME.Asia User Space Kernel Space iptables extensions netlink/system call Kernel netfilter system Network Interface Card Network Interface Card extensions extensions extensions Kernel module Kernel module Kernel module Kernel module
  58. 58. COSCUP2018 x openSUSE.Asia GNOME.Asia Architecture For each extension, you need to prepare two things. User-space library to parse the command. Kernel-space module to implement that function.
  59. 59. COSCUP2018 x openSUSE.Asia GNOME.Asia For User-Space, iptables command should know how to parse arguments.
  60. 60. COSCUP2018 x openSUSE.Asia GNOME.Asia
  61. 61. COSCUP2018 x openSUSE.Asia GNOME.Asia
  62. 62. COSCUP2018 x openSUSE.Asia GNOME.Asia Howtoread Function ○ DNAT (upper) -> target ○ tcp (lower) -> match File naming Old style ○ libipt_ -> ipv4 ○ libip6t -> ipv6 New Style ○ libxt -> ipv4/ipv6
  63. 63. COSCUP2018 x openSUSE.Asia GNOME.Asia Now, We Take The Custom Match TCP as Example
  64. 64. COSCUP2018 x openSUSE.Asia GNOME.Asia Architecture iptables/extensions/libxt_tcp.c
  65. 65. COSCUP2018 x openSUSE.Asia GNOME.Asia Architecture iptables/extensions/libxt_tcp.c c
  66. 66. COSCUP2018 x openSUSE.Asia GNOME.Asia
  67. 67. COSCUP2018 x openSUSE.Asia GNOME.Asia
  68. 68. COSCUP2018 x openSUSE.Asia GNOME.Asia For Kernel-Space, There’re Some Kernel Modules In The System.
  69. 69. COSCUP2018 x openSUSE.Asia GNOME.Asia
  70. 70. COSCUP2018 x openSUSE.Asia GNOME.Asia c
  71. 71. COSCUP2018 x openSUSE.Asia GNOME.Asia
  72. 72. COSCUP2018 x openSUSE.Asia GNOME.Asia
  73. 73. COSCUP2018 x openSUSE.Asia GNOME.Asia
  74. 74. COSCUP2018 x openSUSE.Asia GNOME.Asia v
  75. 75. COSCUP2018 x openSUSE.Asia GNOME.Asia Demo Time
  76. 76. COSCUP2018 x openSUSE.Asia GNOME.Asia summary The iptables system includes the user-space tool and kernel-space system. We focus on how user-space tools works today.
  77. 77. COSCUP2018 x openSUSE.Asia GNOME.Asia iptables iptables need a file lock to protect the rules. iptables use the library (libiptc) to control the rules via system call. You can extend the iptables by implement the extension match/target function.
  78. 78. COSCUP2018 x openSUSE.Asia GNOME.Asia User Space Kernel Space iptables extensions netlink/system call Kernel netfilter system Network Interface Card Network Interface Card extensions extensions extensions Kernel module Kernel module Kernel module Kernel module
  79. 79. COSCUP2018 x openSUSE.Asia GNOME.Asia Extenstion For each iptables extension module, you should both user-space and kernel-space. Please make sure the kernel version consistent Use—Space ○ Implement the arguments and store the data into pre-defined structure. Kernel-Space ○ Implement the match function
  80. 80. COSCUP2018 x openSUSE.Asia GNOME.Asia Thanks!

Show how does the iptables works and use the source code to explain the workflow of iptables step by step. including the file-lock, the system call and the related command of iptables rules. In the last, I also show the architecture of the iptables extension and use the demo to show how to write your own iptables modules.

Views

Total views

547

On Slideshare

0

From embeds

0

Number of embeds

1

Actions

Downloads

41

Shares

0

Comments

0

Likes

0

×