This is the talk page for discussing improvements to the Netfilter article. This is not a forum for general discussion of the article's subject.
This article is rated C-class on Wikipedia's content assessment scale.
I think the iptables article should be merged into this article. I'm willing to do that (and to rewrite the incomplete iptables information in the process). What do people think? — franl ( talk) 01:59, 29 Nov 2004 (UTC)
The official netfilter/iptables project page refers to this project as the "netfilter/iptables" project. Now Wikipedia has links that say "iptables" but redirect to an article named "Netfilter". Would it make sense to rename this article to something like "Netfilter/iptables", "Netfilter and iptables", or "Netfilter/iptables Project"? — franl ( talk) 21:07, 29 Nov 2004 (UTC)
IMHO, the guide to using iptables section should be moved to wikibooks. Reub2000
Moving to Wikibooks is probably not warranted, but this article needs a rewrite by someone who is familiar and can summarize it well, and all the detailed documentation needs to be removed. For these reasons I've added a Technical tag to the article. Commander 00:53, Apr 16, 2005 (UTC)
I've removed the link to the Firestarter software [1] since that project provides little if any additional insight into Netfilter or iptables for the reader. The website linked to doesn't even mention iptables, per Google search of the site. It is open source and perhaps makes use of iptables in its internals, so I don't think it blatant advertisement. However I don't think having a link to this product on this article is warranted. Wikipedia is not a link repository. Perhaps it might be okay to reference it on a different article (or write one for it), or put it within the Category:Firewall software. - Dmeranda 15:50, 30 August 2005 (UTC)
I went to the trouble of rewriting the intro a few months back because I really want a canonical place to point people, and I like Wikipedia. netfilter is technically the hooks within the core kernel. iptables is technically both the code (module) inside the kernel which walks packets through tables to decide what to do, and the userspace utility which manipulates those tables. Packet filtering (the iptable_filter module) walks the filter table on every packet to decide what to do with it. NAT (the iptable_nat module) walks the nat tables on every packet starting a new connection to decide how to NAT it. There's also a mangle table for special effects.
Please do not fix this; it's subtle and kinda complicated. The introduction now reflects this balance, while acknowledging that just saying "iptables" tends to encompass the lot for those outside the netfilter development community.
I hope that helps. -- Rusty 11:00, 22 October 2005 (UTC)
(2006-07-31) Just to let you know. The purpose of selecting an article is both to point readers to the article and to highlight it to potential contributors. It will remain on the portal for a week or so. The previous selected article was GNU Compiler Collection. Gronky 21:29, 1 August 2006 (UTC)
Someone added a "technical restrictions" note, saying that it should be called "netfilter" not "Netfilter".
This is not the case, but it highlights the inconsistency in the article, which I've also fixed. "iptables" is lower case because it is the name of a Linux command: typing "Iptables" won't work. Netfilter is a noun, so there's no problem capitalizing it.
-- Rusty 23:31, 9 October 2006 (UTC)
I added a link to a new iptables flow diagram, and I think it is superior to the existing 3. Although I have added the new link at the bottom, would anyone object to my moving it to the top of the list? I think the new one is considerably easier to follow the flow, and better structured. -- Pekster 03:06, 10 January 2007 (UTC)
Would someone who understands this sentence care to translate it into English?
"IP set bindings pointing to sets and iptables matches and targets referring to sets creates references, which protects the given sets in the kernel."
That would be nice. Wegesrand 11:42, 29 March 2007 (UTC)
Could still use some work in terms of formatting. One, do we really need half the manpage in the article? I don't see how the various command line switches really add anything to the article, considering that they're only there for the one little daughter command. Two, there's a handful of other commands in the ipset section that aren't clearly labeled as something one uses inside of ipset or as separate commands. If they are separate commands, then each should be a subsection. Could probably cut all of those sections in half without serious detriment as well, greatly increasing the readability of the article. MrZaius talk 15:45, 30 March 2007 (UTC)
Per my prior comment, we could, and, per WP:NOT#INDISCRIMINATE, probably should, drop the bulk of the manpage-like content from this work. In 2005, a similar notion was brought up and shot down, but I believe it was correct, and, as such, wish to point out the following quote from WP:NOT:
"Instruction manuals. While Wikipedia has descriptions of people, places, and things, Wikipedia articles should not include instructions or advice (legal, medical, or otherwise), suggestions, or contain "how-to"s. This includes tutorials, walk-throughs, instruction manuals, video game guides, and recipes. Note that this does not apply to the Wikipedia: namespace, where "how-to"s relevant to editing Wikipedia itself are appropriate, such as Wikipedia:How to draw a diagram with Dia. If you're interested in a how-to style manual, you may want to look at our sister project Wikibooks."
Thoughts? MrZaius talk 17:54, 4 May 2007 (UTC)
On the website, "netfilter" seems to be used instead of "Netfilter", but I have found instances of "Netfilter" being used on the site as well. How should the article display the name? Toad King 17:12, 14 July 2007 (UTC)
;-) — j.engelh ( talk) 10:51, 25 November 2008 (UTC)
Does anyone know a module for netfilter that creates a new policy for the default chains, which in case of packets that don't match any rule pops-up a window and asks the user what to do (a behavior similar to most Windows personal firewall products)? NegativeIQ ( talk) 10:44, 18 April 2008 (UTC)
After viewing the discussion page I had the impression that other contributors to the page did not know who Rusty Russell is. He has contributed to the discussion page using the name "Rusty" (no last name) but his comments may not have registered as those coming from an expert on this subject.
Around 2001 I had an idea about writing documentation to support iptables, then came across work from Oskar Andreasson. This work was organized, detailed, thorough and well-maintained in my opinion -- leaving me with next-to-nothing to improve upon. To date version 24 of his documentation remains as the best documentation on iptables I've found, although (by now) much has been added to the Netfilter project.
Sections 2 and 3 should be removed. Wikipedia isn't the place for much detail about NetFilter since so much functionality is now part of it. (Adding an equivalent level of detail, at a given level, would introduce too much information for this venue). A personal blog is a better place for detail, in my opinion. Perhaps a writer can also point to a blog for additional information -- I don't know about this.
The NetFilter home page does have some information useful for inclusion here but not all of it is as well-written as it might be if it were a well-written Wikipedia article (based on how good some Wikipedia articles have become).
In my opinion, Rusty Russell is too modest to emphasize the value of his NetFilter work and this is one reason I've written this. I do not know him, he does not know me. I've researched him on the web and followed both of these guys for almost 9 years. All that remains clear is that their contribution to this toolset has been watered-down by the many who would seek to profit in places neither of them seem to have done so. We'd really benefit as a community if we could persuade either of them to contribute to this article.
This link goes to a document that was originally written by Oskar: http://www.control.aau.dk/~jdn/edu/litt/ip-tables/iptables/iptables-tutorial.frozentux.net/chunkyhtml/index.html. As I recall his docs were accessible from the frozentux website.
This link goes to Paul "Rusty" Russell's home page: [2].
-- Kernel.package ( talk) 06:57, 21 June 2009 (UTC)
The idea of "user-space" does not apply to NetFilter, if for no other reason than the fact it requires kernel-mode code. The term is too ambiguous anyway. ulogd, for example, provides kernel-mode code that supports a user-mode log application. iptables is a root-only admin tool which isn't precisely referred to as "user-mode" because a non-root user cannot run it (out-of-the-box -- they may be able to on a poorly configured or misconfigured box).
-- Kernel.package ( talk) 07:02, 21 June 2009 (UTC)
There's a mention of a German court case and the outcome but no reference. Though I am sure that it is true, it should only be considered hearsay without a reference. Whoever added that section or others knowledgeable should please cite a reference for that statement. 138.32.32.166 ( talk) 17:21, 5 October 2017 (UTC) Dale OCT 5 2017
Hello fellow Wikipedians,
I have just modified one external link on Netfilter. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 14:27, 20 December 2017 (UTC)