Chinaunix首页 | 论坛 | 博客
  • 博客访问: 611661
  • 博文数量: 150
  • 博客积分: 1132
  • 博客等级: 少尉
  • 技术积分: 2067
  • 用 户 组: 普通用户
  • 注册时间: 2012-04-11 16:46
文章分类

全部博文(150)

文章存档

2015年(15)

2014年(75)

2013年(4)

2012年(56)

分类: LINUX

2012-06-28 11:22:58

iptables is extensible, meaning that both the kernel and the iptables tool can be extended to provide new features.

Kernel extensions normally live in the kernel module subdirectory,such as /lib/modules/2.4.0-test10/kernel/net/ipv4/netfilter. They are demand loaded if your kernel was compiled with CONFIG_KMOD set, so you should not need to manually insert them.

Extensions to the iptables program are shared libraries which usually live in /usr/local/lib/iptables/, although a distribution would put them in /lib/iptables or /usr/lib/iptables.

Extensions come in two types:
=============================
new targets, and new matches (we'll talk 
about new targets a little later). Some protocols automatically offer new tests: currently these are TCP, UDP and ICMP as shown below.
阅读(1130) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~