An overview of NFWS

Hallo, I attended the most awaited Netfilter Workshop in Amsterdam. It was a great experience. I met so many amazing people, some also guided me about my future plans. I realized that I would have missed out an important meeting if I had not attended this workshop. You should also attend any workshops you might…

Netfilter workshop

Hola! After having worked for netfilter’s project nftables as a part of my Outreachy internship, I have been invited to the 12th Annual Netfilter Workshop which is going to happen in Amsterdam, The Netherlands. Great thing is that I got my visa today and I will be able to attend it. I would also be…

Outreachy internship complete

Hello all, My internship with Outreachy has been officially complete now. My work however continues. I have taken up the work to add support for some options in nftables and adding some missing code so, I’m continuing to contribute to nftables. If you’re an Open Source enthusiast or a potential Outreachy Round 12 or Google…

Simplest guide to using connlabel

Hello everyone, Today my post is going to be about an iptables/nftables match called connlabel. connlabels are similar to connmarks, except labels are bit-based; i.e. all labels may be attached to a flow at the same time. nftables supports 1024 connlabels. This LWN article covers about it. Now, you must be wondering that why am…

Testing with Scapy

Hi all, I mentioned about using Scapy to test my translation code in the last post. This post is going to reveal how I managed to find out if the translations that the code I wrote was providing were correct. Good thing is that they are correct. Some I have still to figure out but…

iptables-translate (II)

Hi all, This is going to be one another post about the iptables-translate utility. This post is going to cover the importance of this tool and how it can be used to translate different kinds of targets and matches of iptables with examples. The first translation that I provided was for the match “mark”. For…

iptables-translate (I)

Hi all, I mentioned in my last post that there is a newer, better way of creating your own firewall than iptables which is named nftables. For a person new to nftables, it would be really tough to write the exact syntax for adding a particular rule. Now, let us assume that we are completely…