I.T. Security and Linux Administration

Jul 25 2011   5:18PM GMT

Improved Network Security



Posted by: Eric Hansen
Tags: 3.0, firewall, improvements, ipset, iptables, linux, network, security, tcp

With Linux 3.0 coming up around the corner, I thought it would be good to discuss some (possible) future improvements and additions to the kernel. While this is already in the 2.8 branch (which was created before the official 3.0 was announced), it’ll be interesting to see what is carried over. One of the first things that caught my eye was not so much a new feature, but a plugin that’s becoming a standard inside of the kernel itself: IPSets.

Originally, IPSets started off as a plugin for iptables. It allowed for dynamic updating and easier creation and management of whitelists and blacklists. As this has been in the works since the 2.4 branch, the list of supported methods is not exactly short: there are about 12 different types of sets someone can create, each with pros and cons, so it’s hard to imagine this not fitting at least some needs. Also, according to Linux Format’s latest issue (August 2011, pg. 8), some modifications to the TCP code yield 10 percent better network latency (this isn’t exactly stated as being directly due to the implementation of ipset, but it is interesting nonetheless).
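To make the "dynamic updating" of a blacklist concrete, here is an added example (not from the original post) that turns an address list into an `ipset restore` script which fills a scratch set and swaps it with the live one. The set name `blacklist`, the helper names `valid_net` and `build_restore`, the file name `addresses.txt` and the sample addresses are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The set name "blacklist" and
# the sample addresses are constructed for illustration.

# Succeed only for a dotted-quad IPv4 address with an optional /1-32 prefix
# (hash:net sets cannot store a zero-length prefix).
valid_net() {
    addr=${1%%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one address or CIDR block per line on stdin ("#" starts a comment) and
# write an `ipset restore` script that fills a scratch set, then swaps it with
# the live set so rules matching the live set never see a half-built list.
build_restore() {
    live=$1; scratch="$1-new"
    echo "create $live hash:net family inet"
    echo "create $scratch hash:net family inet"
    echo "flush $scratch"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if valid_net "$entry"; then
            echo "add $scratch $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
    echo "swap $scratch $live"
    echo "destroy $scratch"
}

# Demo on constructed input. To apply for real (as root):
#   build_restore blacklist < addresses.txt | ipset -exist restore
#   iptables -I INPUT -m set --match-set blacklist src -j DROP
printf '%s\n' '198.51.100.7' '203.0.113.0/24  # test net' '300.1.1.1' |
    build_restore blacklist
```

Because the iptables rule refers to the set by name, later refreshes only need to rerun the pipeline; the rule itself is never touched.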

While I have not used this personally, I can see a lot of benefits of doing so, and will report back on results after installing the module and seeing how beneficial it is to my home network.  If all goes according to plan, this will be based on both Arch Linux and Ubuntu, latest releases for both.

You can visit the official homepage of ipset here: http://ipset.netfilter.org/
