NETFILTER structure

proc setup

/proc/sys/net/ipv4/ip_forward

Set to 1 for IP forwarding (routing).

/proc/sys/net/ipv4/ip_dynaddr

Set to 1 for dynamic IPs.

Netfilter system calls

/proc/sys/net/ipv4/netfilter

Netfilter modules

/lib/modules/kernel_version/kernel/net/ipv4/netfilter/

The lowercase modules are for matches and the uppercase ones are for targets.

CONNTRACK

Conntrack table: /proc/net/ip_conntrack

Named hashlimit hashes: /proc/net/ipt_hashlimit/

Conntrack helper modules

ip_conntrack_ftp

ip_conntrack_irc

#probably a bad idea on production non-irc servers with all the kids planting irc bots wherever they can

ip_conntrack_tftp

#the helper module for trivial FTP – probably not needed

ip_conntrack_amanda

Note that if you also use NAT, you also need to load the helper modules for NAT (their names should start with ip_nat_):

ip_nat_ftp

ip_nat_irc
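
The helper notes above can be checked against a host's module list. This is an added example, not part of the original notes: it flags the helpers the notes call risky or unneeded and any conntrack helper whose NAT counterpart is missing. It assumes that a loaded iptable_nat module means NAT is in use and that each ip_conntrack_<proto> helper pairs with ip_nat_<proto>; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: a loaded iptable_nat
# module means NAT is in use, and ip_conntrack_<proto> pairs with ip_nat_<proto>.

# is_loaded NAME: true if NAME is in $mods (one module name per line).
is_loaded() { printf '%s\n' "$mods" | grep -qx "$1"; }

# audit_helpers IP_FORWARD: reads /proc/modules-format text on stdin and
# prints one finding per line. Live use:
#   audit_helpers "$(cat /proc/sys/net/ipv4/ip_forward)" < /proc/modules
audit_helpers() {
    fwd=$1
    mods=$(awk '{print $1}')
    nat=no
    if is_loaded iptable_nat; then nat=yes; fi
    if [ "$nat" = yes ] && [ "$fwd" != 1 ]; then
        echo "WARN ip_forward=$fwd: NAT is loaded but this host will not forward packets"
    fi
    for proto in ftp irc tftp amanda; do
        is_loaded "ip_conntrack_$proto" || continue
        case $proto in
            irc|tftp) echo "REVIEW ip_conntrack_$proto: unload unless this host needs it" ;;
        esac
        if [ "$nat" = yes ] && ! is_loaded "ip_nat_$proto"; then
            echo "MISSING ip_nat_$proto: conntrack helper loaded without its NAT helper"
        fi
    done
}

# Constructed sample in /proc/modules format (not captured from a real host).
SAMPLE_MODULES='ip_nat_ftp 3456 0 - Live 0xe0a10000
ip_conntrack_irc 6512 0 - Live 0xe0a0c000
ip_conntrack_ftp 7120 1 ip_nat_ftp, Live 0xe0a08000
iptable_nat 21124 2 ip_nat_ftp, Live 0xe09f0000
ip_conntrack 40044 4 ip_conntrack_irc,ip_conntrack_ftp,iptable_nat, Live 0xe09e0000'

printf '%s\n' "$SAMPLE_MODULES" | audit_helpers 0
```
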
