Rules are the building material of the firewall. A firewall without a rule set is an empty firewall, like an air wall, meaning it allows all packets, including unwanted ones. It's called rule-writing because rule-setting is flexible. There are no hard rules, and the same purpose can be achieved by writing rules in many ways. For example, for … Continue reading Building a fault-tolerant firewall system with virtual machines: Writing a firewall ruleset
Building a fault-tolerant firewall system with virtual machines: expectation: part 3: diagram
When the dust of time covers the long lines of code, this image is easy to remember
Building a fault-tolerant firewall system with virtual machines: expectation: part 2: expectation
Recovering helper
The defining feature of a fault-tolerant firewall is the ability to recover connections. But if a connection loses its helper, connection recovery fails. When conntrackd injects a conntrack entry that has a helper into the kernel conntrack table, the netlink subsystem creates the helper for it. Unfortunately, the work of NAT later takes the helper away (don't use … Continue reading Building a fault-tolerant firewall system with virtual machines: expectation: part 2: expectation