Linked by Thom Holwerda on Fri 20th Mar 2009 22:01 UTC, submitted by diegocg
Linux The Netfilter development team's Patrick McHardy has released an alpha version of nftables, a new firewall implementation for the Linux kernel, with a user space tool for controlling the firewall. nftables introduces a fundamental distinction between the user space defined rules and network objects in the kernel: the kernel component works with generic data such as IP addresses, ports and protocols and provides some generic operations for comparing the values of a packet with constants or for discarding a packet.
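To make the split described above concrete, here is a small ruleset in the nft configuration syntax; it is an added illustration, not code from the nftables project or from the 2009 alpha announced here, and it assumes the current nft language (the `inet` family and the `-f` file loader), not the alpha's syntax. The addresses and ports are constructed sample values. Each rule is what the user-space tool sees; the kernel side never sees "ssh from the management network", only the generic pieces the summary mentions: load some header bytes, compare them with a constant, and accept or drop.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not the project's own). Load with: nft -f this_file
# To watch how nft breaks each rule into generic kernel expressions
# (payload loads, compares, verdicts), load it with: nft --debug=netlink -f this_file

flush ruleset

table inet filter {
    chain input {
        # Default policy drop: anything not matched below is discarded.
        type filter hook input priority 0; policy drop;

        # Replies to connections we opened: the kernel compares conntrack
        # state against a constant and accepts on match.
        ct state established,related accept
        ct state invalid drop

        # Loopback traffic is always local.
        iif "lo" accept

        # Constructed management network (RFC 5737 documentation range):
        # two comparisons, IPv4 source prefix and TCP destination port.
        ip saddr 192.0.2.0/24 tcp dport 22 accept

        # Anonymous set of constants: one lookup instead of two rules.
        tcp dport { 80, 443 } accept

        # Log before the policy drop so rejected packets are visible to
        # monitoring; rate-limited to keep the log usable.
        limit rate 5/minute log prefix "nft-input-drop: "
    }
}
```

The point the summary makes is visible when the file is loaded with `--debug=netlink`: the named objects ("ssh", "the management network") exist only in the rule file, while what reaches the kernel is a sequence of byte loads, comparisons against constants, and verdicts. A defender reviewing a ruleset therefore checks the user-space text for intent and the debug output for what was actually compiled.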
RE: application-based filtering
by RenatoRam on Sat 21st Mar 2009 00:47 UTC in reply to "application-based filtering"
I believe what you suggest is actually not a "firewall" at all, but more in the ballpark of Mandatory Access Control, and it's been in Linux for quite some time (and it does much more than that): take a look at SELinux.
