Although the current Linux firewall facilities are very useful,
there are still some weaknesses and missing features.
Therefore, possible areas for improvement in future Linux
versions might be:
- Dynamic packet filters, so that temporary filter rules will
  be added automatically for specific protocols (like ftp).
- Some network address translation (NAT) mechanism.
- Further modularization of the firewall and masquerading code.
- Keeping some kind of state information, at least to detect related
  fragments.
- One or more new policies might be added for refusing a packet.
- Some graphical user interface for configuring the firewall and
  accounting rules, being a front-end to ipfwadm.

Given this, there is a good chance that Linux will soon be able to
compete with the more advanced commercial firewall solutions
on the market.
This version of the paper is based on Linux 2.0.25 and ipfwadm 2.3.0.
Currently, only this multi-page HTML version is available.
In the future, a single-page HTML version (for off-line reading)
and a PostScript version will also become available.
Copyright © 1996 by X/OS Experts in Open Systems BV.
All rights reserved.