iptables-TNG

The Next Generation of iptables

iptables-TNG Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Hamid Jafarian and Mahdi Hajimoradi

iptables-TNG Description

iptables-TNG is an environment that can use different packet classification algorithms (e.g. tuple) to support large rulesets (more than 10,000 rules) for high-bandwidth networks.

Do you have any problem with iptables? Come and measure the network throughput. Based on my tests, the network throughput with iptables as a firewall drops quickly after 1,000 rules (see test2). To solve this problem I wrote a new iptables. In this version I tried to add interactivity alongside the ability to use multiple and different classification algorithms for every chain. In this version one chain (e.g. OUTPUT in filter) can use the "linear classifier" (like the current version) and another chain (e.g. FORWARD in filter) can use "tuple".

I changed all of the user-space and kernel-space code of iptables (for IPv4). In this version the implementation of classification algorithms is like that of matches and targets, but it has no user-space implementation (only one or more kernel modules).

Two classification algorithms are implemented: linear and tuple. Linear is like the current version, but tuple is much more powerful. You can see their behaviour in the tests. With this version we can develop more algorithms (e.g. HiCuts, HyperCuts, BV, ...) very easily.

The tuple algorithm uses hash tables for rule storage and uses a hash function to find all of the rules that may match the packet. In my implementation, after a packet is received, all of the rules that may match it are found first; then only those rules are searched sequentially to find the rule(s) that match the packet.

An important feature in this version is "ranking". Every rule gets a rank based on its position (defined in the "iptables" command when the user adds a rule) in the chain's rule list. Thus hashing the rules doesn't create any problem, because the algorithm must test the lowest-ranked rule among the rules that may match the packet. So users can still think: "the rules are stored sequentially and also processed sequentially (like the current version)".

New code: In this version I used linked lists in the kernel for rule storage instead of contiguous memory (as in the current version), and also defined many useful and important structures for "Table", "Chain" and so on. This code is completely different and also very easy to understand. All of the rule management activities are transferred to kernel space (from user space, in the current version).

I tried to do some tests on the new version. You can see these tests and their results below.

The "iptables" command itself is not changed. "iptables-save" and "iptables-restore" are adapted. You can use and develop "matches" and "targets" like before.

Here are some key features of "iptables-TNG":

  • All chains can get a policy: unlike the current version, user chains, like built-in chains, can get a policy.
  • All chains can be used as a target: you can reference every chain as a rule target, unlike the current version, where only user chains can be used as a target.
  • All chains have a reference number: this defines the number of references to the chain (i.e. the number of rules that use it as a target). At deletion time this number must be zero (if it is not and you try to delete the chain, you will receive an error message from iptables).
  • RETURN can be a rule target: like the current version, in called chains (child chains, referenced as a target in one of the rules of a parent chain) it causes a return to the caller (parent chain), and in built-in chains the chain policy is used for the matched packet.
  • RETURN can be a chain policy: unlike the current version. In called chains (child chains) this causes a return to the caller (parent chain), but in built-in chains this means DROP.
  • You can change the chain classifier: with the -C option in the iptables command, for example: iptables -C INPUT tuple. You can do this at any time. With this option, based on the number of rules in the chain, you can select the best classification algorithm for that chain and force it to use that.

What's New in This Release:

  • using kernel-2.6.25
  • iptables-1.4.1

