You’ve come to the end of this article. This means that by now you are aware of the possibilities that the Netfilter framework brings to the table, along with the iptables user space. In a nutshell, probably the biggest advantage of this infrastructure lies in its flexibility and extensibility. Packet filtering (both stateful and stateless) has been proven to be reliable, and thousands of people are relying on it. So it’s been field tested.
The API allows numerous third party tools that target various system administration niches. If you need something specific, somebody may have already created a module, a chain, or a user space that’s at least similar to what you need. Surely, it won’t match your network infrastructure right away, but you can always apply some changes here and there; the job is done—faster (and perhaps easier) than doing it from scratch.
Moreover, chances are that you are already using some sort of network address translation and masquerading, and perhaps even running transparent proxies. You can do all of these with ease thanks to Netfilter. One thing is clear; it’s surely a framework that deserves to be looked into. You may eventually set up a gateway server running on Linux just for “proxy” services, firewalling, and NAT. Who knows?
Finally, we can’t really finish without inviting you to join our helpful forums at DevHardware. We’ve a strong base of resident professionals, enthusiasts, and tech experts. If you want to hear opinions on some service or ask some clarifications regarding some details just shoot us with your questions. We’ll do our best to help. And you should also want to pay a visit to our sister community, DevShed Forums.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.
