Friday, February 20, 2004

Re: iptables

there is actually so much stuff i can ask you on linux actually. did you try kernel 2.6? i tried compiling but on restart get major errors.

Nope... I guess I didn't have the motivation to do it. But I intend to do it sometime soon... maybe after my mid-sems get over. :-)

but i was still able to ping myself!! any ideas?

I tried it and it worked for me... it dropped the ping packets. Don't know how you could still ping yourself! Do you have the right entry corresponding to 127.0.0.1 in your /etc/hosts file? Or if you were connected to the internet and pinged your own machine, the packets could've originated from the dynamic IP (assuming dialup) and would've passed... not sure about this though... don't know!

actually yes and no. firstly there are two parts, packet filtering and actual rules which say what action is to be performed on specific packets. packet filtering capability has to be enabled in the kernel. networking protocols etc are all specified in kernel options during compilation. during normal operation there is the iptables app which sits on top and performs various firewall operations based on the packets which the kernel gets. hrishi, correct me if i goofed in the above explanation.

You're pretty much right. In plain English, packet filtering is built into the kernel. So one could say that it is very much a part of Linux. iptables is just a tool which tells the kernel what to accept and what not to... In other words, the decisions about packet filtering are made by the kernel (using the rules in the chains) and not by the program iptables. iptables isn't a daemon...

your iit festival might have been a blast. did you participate/organise?

Nope... just enjoyed! I'm pretty lazy about these things! :-)
There was this lecture by Prof. Kevin Warwick of the University of Reading, UK. Don't know if you guys have heard about him; he'd implanted a chip (actually 3 if I'm not wrong) in his hand... and became the first cyborg. It was pretty good. I'll write more about it some day.
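
Going back to the ping question earlier in this post, here is an added example (not code from the original post): a small Python model of how the kernel walks a chain and takes the first matching rule, showing why a rule matching source 127.0.0.1 would not catch a ping to the machine's own dial-up address. The rule, the address 203.0.113.7 and all names are assumptions, since the post does not show the rule that was used.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    in_iface: str

@dataclass
class Rule:
    target: str                      # "ACCEPT" or "DROP"
    src: Optional[str] = None        # like -s (address or CIDR)
    proto: Optional[str] = None      # like -p
    in_iface: Optional[str] = None   # like -i

    def matches(self, pkt: Packet) -> bool:
        # A rule matches only if every criterion it specifies matches.
        if self.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.in_iface and pkt.in_iface != self.in_iface:
            return False
        return True

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

DYNAMIC_IP = "203.0.113.7"  # constructed dial-up address (documentation range)

# Assumed rule: iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
by_source = [Rule("DROP", src="127.0.0.1", proto="icmp")]
# Alternative for comparison: iptables -A INPUT -i lo -p icmp -j DROP
by_iface = [Rule("DROP", in_iface="lo", proto="icmp")]

ping_loopback = Packet("127.0.0.1", "127.0.0.1", "icmp", "lo")
# A ping to the machine's own address still arrives on lo,
# but its source is the dynamic address, not 127.0.0.1.
ping_own_ip = Packet(DYNAMIC_IP, DYNAMIC_IP, "icmp", "lo")

if __name__ == "__main__":
    for name, chain in (("by_source", by_source), ("by_iface", by_iface)):
        for label, pkt in (("ping 127.0.0.1", ping_loopback), ("ping own IP", ping_own_ip)):
            print(f"{name:10} {label:15} -> {verdict(chain, pkt)}")
```

On a real machine, `iptables -L INPUT -v -n` shows per-rule packet counters, which tells you whether a given ping actually hit the rule.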
