Building a fault-tolerant firewall system with virtual machines: Kernel patch due to loss of helper
The expectation post mentioned the issue of a conntrack entry injected from user space losing its helper. Here is one way to fix it. A patch has been added to the Linux kernel as follows: [ Upstream commit d1ca60efc53d665cf89ed847a14a510a81770b81 ] When userspace, e.g. conntrackd, inserts an entry with a specified helper, it's possible that the helper is …
Building a fault-tolerant firewall system with virtual machines: Writing a firewall ruleset
Rules are the building material of the firewall. A firewall without a rule set is an empty firewall, like a wall of air: it allows everything, including unwanted packets. It is called rule writing because setting rules is flexible. There are no hard rules, and the same purpose can be written in many ways. For example, for …
Building a fault-tolerant firewall system with virtual machines: expectation: part 3: diagram
When the dust of time covers the long lines of code, this image is easy to remember