BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

Linux kernel to include IPv6 firewall

Tags:
Kernel,
Linux,
Netfilter

Ingrid Marson ZDNet.co.uk

Published: 21 Feb 2005 15:10 GMT

Version 2.6.12 of the Linux kernel is likely to include packet filtering that will work with IPv6, the latest version of the Internet Protocol.

Netfilter/iptables, the firewall engine that is part of the Linux kernel, already allows stateless packet filtering for versions 4 and 6 of the Internet protocol, but only allows stateful packet filtering for IPv4. Stateful packet filtering is the more secure method, since it analyses whole streams of packets, rather than only checking the headers of individual packets -- as is done in stateless packet filtering.

Harald Welte, a developer on the Netfilter project and maintainer of the packet filter subsystem in the Linux kernel, said last week that a considerable amount of work went into adding IPv6 functionality, as parts of the code needed to be rewritten to create a plug-in architecture which would allow the packet filter to work with either IPv4 and IPv6.

This plug-in architecture also means that developers can write plug-ins for older network protocols such as IPX, the protocol used by old versions of the Novell NetWare operating system and DECnet, the Digital Equipment Corporation's network protocol.

The IPv6 packet filter will not be available in the next stable release of the Linux kernel, 2.6.11, but is expected to be available in the subsequent version of the kernel, said Welte.

"The kernel development team are still stabilising 2.6.11," said Welte. "Nobody would accept a big patch like this when they are stabilising the release. As soon as 2.6.11 is out we will submit the IPv6 packet filter."

Before being accepted into the Linux kernel, the packet filter must be accepted by David Miller, the maintainer of the IP networking layer, who will then pass it on to Linux founder Linus Torvalds, who is the lead maintainer of the Linux development kernel.

The 2.6.12 kernel is likely to be available in May or June, although it is difficult to anticipate the timing, according to Welte.

"The kernel release schedule is like the stock market -- you can never tell when things will happen," said Welte.

The IPv6 packet filter, known as nf_conntrack, is available for testing from the Netfilter Web site.

Did you find this article useful?
99 out of 184 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

In association with Network Liberation Movement

Company/Topic Alerts

Create a new alert from the list below:

netfilter
Kernel

Linux

Related Jobs

SYSTEMS ENGINEER / SYSTEMS CONSULTANT / PROJECT CONSULTANT – BATH

IT SUPPORT TECHNICIAN / DESKTOP SUPPORT / TECHNICAL SUPPORT– STANSTED

Senior Software Engineer

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner