- 博客(0)
- 资源 (7)
- 收藏
- 关注
UNIX AND LINUX SYSTEM ADMINISTRATION HANDBOOK(最新版)
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks.
Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have
been printed with initial capital letters or in all capitals.
Red Hat Enterprise Linux and the Red Hat SHADOWMAN logo are registered trademarks of Red Hat Inc., and such
trademarks are used with permission.
Ubuntu is a registered trademark of Canonical Limited, and is used with permission.
SUSE and openSUSE are registered trademarks of Novell Inc. in the United States and other countries.
Oracle Solaris and OpenSolaris are registered trademarks of Oracle and/or its affiliates. All rights reserved.
HP-UX is a registered trademark of Hewlett-Packard Company. (HP-UX®)
AIX is a trademark of IBM Corp., registered in the U.S. and other countries.
The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of
any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential
damages in connection with or arising out of the use of the information or programs contained herein.
2012-10-01
Designing And Implementing Linux Firewalls With QoS
A networking firewall is a logical barrier designed to prevent unauthorized
or unwanted communications between sections of a computer network.
Linux-based firewalls besides being highly customizable and versatile are also
robust, inexpensive, and reliable.
The two things needed to build firewalls and QoS with Linux are two packages
named netfilter and iproute. While netfilter is a packet-filtering framework included
in the Linux kernels 2.4 and 2.6, iproute is a package containing a few utilities that
allow Linux users to do advanced routing and traffic shaping.
L7-filter is a packet classifier for the Linux kernel that doesn't look up port numbers
or Layer 4 protocols, but instead looks at the data in an IP packet and does a regular
expression match on it to determine what kind of data it is, mainly what application
protocol is being used. IP2P is an alternative to L7-filter, but has been designed for
filtering only P2P applications while L7-filter takes into consideration a wider range
of applications.
2009-05-21
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人