Netfilter

2.2 Filtering possibilities

• on input or output of an interface
  • INPUT: always on the interface input
  • OUTPUT: always on the interface output
  • FORWARD: on the interface input or output

• on source or destination address with or without a netmask

• service type

• protocol

• fragments or not

• ICMP type and code

• TCP and UDP: source and destination port with or without a range

• TCP
  • tcp options: SYN, ACK, FIN, RST, URG et PSH
  • connection requets or data transfers

Netfilter

® © Hervé Schauer Consultants 2000 - 4 bis, rue de la gare - 92300 Levallois-Perret
Phone : +33 141 409 700 - Fax : +33 141 409 709 - Email : <secretariat@hsc.fr>