Network Computing is part of the Informa Tech Division of Informa PLC

Building a Robust Linux Security Solution: Page 3 of 15

In addition to the output and input chains, Linux supports a forward chain that controls packets that flow through the firewall but are destined for another host.

As with many other packet-filtering systems, one drawback to
is that certain types of higher-level protocols (like UDP) are difficult to filter. These protocols often require the ability to perform a “stateful inspection” of the connection table, where the decision to accept or deny a packet-forward request is based on whether or not an outbound connection to the requesting host already exists.
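
The connection-table decision described above, as an added example (not code from the original article): a minimal Python model of a forward-chain filter that accepts an inbound UDP packet only when it mirrors a recorded outbound flow. The addresses, the 30-second idle timeout and all class and function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed sample network
UDP_IDLE_TIMEOUT = 30.0  # seconds; assumed value, not from the article

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class StatefulForwardFilter:
    def __init__(self, internal_net, idle_timeout=UDP_IDLE_TIMEOUT):
        self.internal_net = internal_net
        self.idle_timeout = idle_timeout
        self.table = {}  # (src, sport, dst, dport) of outbound flow -> last seen

    def _internal(self, addr):
        return ipaddress.ip_address(addr) in self.internal_net

    def decide(self, pkt, now):
        # UDP has no FIN/RST, so an idle timer is the only way a flow ends.
        self.table = {k: t for k, t in self.table.items()
                      if now - t <= self.idle_timeout}
        if self._internal(pkt.src) and not self._internal(pkt.dst):
            # Outbound packet: forward it and record the flow.
            self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "ACCEPT"
        # Inbound packet: forward only if it mirrors a recorded outbound flow.
        reply_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_key in self.table:
            self.table[reply_key] = now
            return "ACCEPT"
        return "DENY"

def run_sample():
    # Constructed packets using documentation address ranges.
    fw = StatefulForwardFilter(INTERNAL_NET)
    query = Packet("192.168.1.10", 40000, "203.0.113.53", 53)
    reply = Packet("203.0.113.53", 53, "192.168.1.10", 40000)
    stranger = Packet("198.51.100.7", 53, "192.168.1.10", 40000)
    return [
        fw.decide(reply, now=0.0),     # no outbound flow recorded yet
        fw.decide(query, now=1.0),     # outbound query creates the entry
        fw.decide(reply, now=1.2),     # mirrors the recorded flow
        fw.decide(stranger, now=1.3),  # same ports, different remote host
        fw.decide(reply, now=60.0),    # entry idle for more than 30 s
    ]
```

A stateless rule keyed only on source port 53 would have forwarded all four inbound packets; the table is what separates the one solicited reply from the rest.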

Note that kernel support for
is not enabled by default, so you will have to rebuild a kernel from the source tree, remembering to specify the
option during the
make config