
What is netfilter.org?

netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and 2.6.x kernel series. The software most commonly associated with netfilter.org is iptables. Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the redesigned and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems. netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called for every packet that traverses the respective hook within the network stack. iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target). netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack) and the NAT subsystem together build the major parts of the framework.

Main Features

- stateless packet filtering (IPv4 and IPv6)
- stateful packet filtering (IPv4 and IPv6)
- all kinds of network address and port translation, e.g. NAT/NAPT (IPv4 only)
- flexible and extensible infrastructure
- multiple layers of APIs for 3rd party extensions
- large number of plugins/modules kept in the 'patch-o-matic' repository

What can I do with netfilter/iptables?

- build internet firewalls based on stateless and stateful packet filtering
- use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
- use NAT to implement transparent proxies
- aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
- do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header
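The features and use cases listed above, as an added example that is not part of the original page or of the netfilter project's own code: a POSIX shell function that emits a complete iptables-restore(8) ruleset for a stateful NAT gateway, touching the nat, mangle and filter tables. The interface names eth0/eth1, the LAN prefix 192.168.1.0/24 and the proxy port 3128 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not netfilter.org's own code: generate a stateful NAT gateway
# ruleset in iptables-restore(8) format. Interface names, the LAN prefix and
# the proxy port used below are assumptions for illustration.

# build_ruleset WAN_IF LAN_IF LAN_NET  -> prints the ruleset on stdout
build_ruleset() {
  wan=$1 lan=$2 net=$3
  cat <<EOF
# nat table: hide the LAN behind the gateway's WAN address (masquerading)
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# transparent proxy: uncomment only if a proxy really listens on local port 3128
#-A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
# mangle table: header mangling, here a DSCP class on outbound SSH
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -p tcp --dport 22 -j DSCP --set-dscp-class CS6
COMMIT
# filter table: default-deny for inbound and forwarded traffic, stateful allows
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "fw-forward-drop: " --log-level 4
COMMIT
EOF
}

# ruleset_has RULESET LINE -> succeeds if LINE appears verbatim in RULESET
ruleset_has() {
  printf '%s\n' "$1" | grep -qxF -- "$2"
}

# Applying the output needs root (CAP_NET_ADMIN) and nf_conntrack loaded:
#   build_ruleset eth0 eth1 192.168.1.0/24 | iptables-restore
if [ "${1:-}" = "--print" ]; then
  build_ruleset "${2:-eth0}" "${3:-eth1}" "${4:-192.168.1.0/24}"
fi
```

iptables-restore replaces each table atomically, so the gateway never runs with a half-loaded ruleset; pair it with `sysctl -w net.ipv4.ip_forward=1` or nothing will be forwarded. Rule order matters: the ESTABLISHED,RELATED rule sits first so that return traffic is accepted by connection tracking and only new flows are evaluated against the explicit allows. This ruleset covers IPv4 only; ip6tables needs its own, and NAT is IPv4-only in this kernel generation as the feature list says.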

Q5. iptables

iptables
Original author(s): Rusty Russell
Developer(s): Netfilter Core Team
Initial release: 1998
Stable release: 1.4.12.2 / January 2, 2012 [1]
Written in:
Operating system: Linux
Type: Packet filtering
License: GNU General Public License
Website: www.netfilter.org

iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules they store. Different kernel modules and programs are used for different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames. iptables requires elevated privileges to operate (the CAP_NET_ADMIN capability, which in practice means running it as root); without them it fails to function. On most Linux systems, iptables is installed as /usr/sbin/iptables and documented in its man page,[2] which can be opened using man iptables when installed. It may also be found in /sbin/iptables, but since iptables is more like a service than an "essential binary", the preferred location remains /usr/sbin.

iptables is also commonly used to refer inclusively to the kernel-level components. x_tables is the name of the kernel module carrying the shared code portion used by all four modules, which also provides the API used for extensions; consequently, Xtables is more or less used to refer to the entire firewall (v4, v6, arp, eb) architecture.

Q9. SSH

Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution, and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).[1] The protocol specification distinguishes two major versions, referred to as SSH-1 and SSH-2 (SSH-1 has known design weaknesses and is deprecated; only SSH-2 should be enabled today). The best-known application of the protocol is access to shell accounts on Unix-like operating systems. It was designed as a replacement for Telnet and other insecure remote shell protocols such as the Berkeley rsh and rexec protocols, which send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis.[2] The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet. SSH uses public-key cryptography to authenticate the remote computer and, if required, to let it authenticate the user.[1] Anyone can produce a matching pair of different keys (public and private). The public key is placed on every computer that must allow access to the owner of the matching private key (the owner keeps the private key secret). Although authentication is based on the private key, the key itself is never transferred over the network during authentication. SSH only verifies that whoever offers a public key also holds the matching private key; it does not, by itself, establish who that party is. Hence, in all versions of SSH it is important to verify unknown public keys, i.e. to associate the public keys with identities, before accepting them as valid. Accepting an attacker's public key without validation authorizes that attacker as a valid user (or, for a host key, lets the attacker impersonate the server).
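The verify-before-accept rule stated above, as an added example that is not from the page's sources or from OpenSSH: a POSIX shell check of a presented host key against a known_hosts-style pin list, which is the decision OpenSSH makes with StrictHostKeyChecking=yes. It also parses the SSH wire format inside the base64 blob to confirm the embedded algorithm name agrees with the declared key type. The host bastion.example.net, the address 10.0.0.5 and the all-zero ed25519 key blob are constructed sample data, not real keys.

```shell
#!/bin/sh
# Added example, not OpenSSH code: a "verify before accept" host-key check
# against a known_hosts-style list. Needs only coreutils (base64, od, head,
# tail) and awk. Hashed known_hosts entries (|1|...) are treated as unknown,
# which fails closed; checking them needs HMAC-SHA1 and is out of scope here.

# blob_algorithm BASE64_BLOB -> prints the algorithm name embedded in the blob.
# The SSH wire format starts with a big-endian uint32 length followed by the
# algorithm name (RFC 4253 "string"), so a blob whose embedded name disagrees
# with the declared type field was mislabelled or tampered with.
blob_algorithm() {
  blob=$1
  len=$(printf '%s' "$blob" | base64 -d 2>/dev/null | od -An -N4 -tu1 |
        awk 'NF == 4 { print $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }')
  [ -n "$len" ] && [ "$len" -gt 0 ] && [ "$len" -le 64 ] || return 1
  printf '%s' "$blob" | base64 -d 2>/dev/null | head -c "$((4 + len))" | tail -c "$len"
}

# check_host_key HOST TYPE BLOB KNOWN_HOSTS_TEXT
#   0 = presented key matches the key pinned for HOST: connect
#   1 = HOST not pinned: refuse, obtain the fingerprint out of band first
#   2 = HOST pinned but the key differs: possible MITM, refuse
#   3 = blob malformed or its embedded algorithm disagrees with TYPE
check_host_key() {
  host=$1 ktype=$2 blob=$3 known=$4
  [ "$(blob_algorithm "$blob")" = "$ktype" ] || return 3
  pinned=$(printf '%s\n' "$known" | awk -v h="$host" -v t="$ktype" '
    /^[#@|]/ || NF < 3 { next }   # comments, @markers, hashed entries
    $2 == t {
      n = split($1, names, ",")   # one entry may list several names/addresses
      for (i = 1; i <= n; i++) if (names[i] == h) { print $3; exit }
    }')
  [ -n "$pinned" ] || return 1
  [ "$pinned" = "$blob" ] || return 2
  return 0
}

# Constructed sample data (not real keys or hosts): an ssh-ed25519 blob whose
# 32 key bytes are all zero, structurally valid for parsing but not usable,
# a second blob differing in its last byte, and a pin list for a bastion.
DEMO_BLOB="AAAAC3NzaC1lZDI1NTE5AAAAIAAA$(printf '%40s' '' | tr ' ' 'A')"
OTHER_BLOB="AAAAC3NzaC1lZDI1NTE5AAAAIAAA$(printf '%39s' '' | tr ' ' 'A')B"
DEMO_KNOWN_HOSTS="# constructed known_hosts, not real hosts
bastion.example.net,10.0.0.5 ssh-ed25519 $DEMO_BLOB"

# describe_result CODE -> human-readable verdict for the codes above
describe_result() {
  case $1 in
    0) echo "key matches pinned entry" ;;
    1) echo "host not pinned: verify fingerprint out of band, do not connect" ;;
    2) echo "key differs from pinned entry: possible man-in-the-middle" ;;
    *) echo "malformed key or type mismatch" ;;
  esac
}

if [ "${1:-}" = "--demo" ]; then
  for h in bastion.example.net 10.0.0.5 other.example.net; do
    rc=0; check_host_key "$h" ssh-ed25519 "$DEMO_BLOB" "$DEMO_KNOWN_HOSTS" || rc=$?
    echo "$h: $(describe_result "$rc")"
  done
fi
```

Out-of-band verification means comparing the fingerprint the server's administrator publishes with the one computed locally, for example `ssh-keygen -lf` on the server's public key file, before the entry is added to known_hosts; the check above only decides, it does not learn.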
