Compact Filter 0.3

Compact Filter is a network packet filter for Linux

Developer:   Emmanuel Fleury       more software by author → Price:  0.00 License:   GPL (GNU General Public License) File size:   92K Language:    OS:    Rating:   0 /5 (0 votes) Your vote:   enlarge screenshot

Compact Filter is a network packet filter for Linux. It features an easy-to-use compact filter representation and high performance.

The main features are: easy to use interface, compact filter representation (memory efficient), and very high performance.

A difference between CF and other firewalls, such as Netfilter, is its representation of the ruleset. In CF the user writes a filter which is then compiled and optimized in user-space. The optimized filter is then loaded into the kernel (using netlink). Consequently the in kernel packet filtering code only needs funtionality for setting up a filter and filtering packets, while the more complex code of optimizing the filter remains in user-space.

Because of the continuous increase of the bandwidth and the security threats, firewalls have to evolve towards more efficient filtering schemes. The truth is that the existing scheme does not scale so well with the combined growth of bandwidth and rulesets.

Our aim is to try another approach to perform packet filtering where we minimize the complexity of the filtering process. This result in, both, a reduction of the required CPU power to filter packets and a simpler (and smaller) kernel code. Of course, we are pushing all the smart and complex part out to the user-space, but, developing in user-space is much simpler and safer.

What's New in This Release:

changed -d option to delete all filters

added -D option to delete a specific filter

changed default policy to permit rather than deny

added -l option on flex to support --yylineno on older versions of flex

new and improved install guide
tags user space  compact filter  bandwidth and  simpler and  packet filtering  the user  filter representation  high performance  

Download Compact Filter 0.3

 http://www.cs.auc.dk/~mixxel/cf/down/cf-tools-0.3.tar.bz2

Authors software

Compact Filter 0.3 (by Emmanuel Fleury) Compact Filter is a network packet filter for Linux

Similar software

Compact Filter 0.3 (by Emmanuel Fleury) Compact Filter is a network packet filter for Linux

nf-hipac 0.9.1 (by Michael Bellion and Thomas Heinz) nf-HiPAC is a full featured packet filter for Linux which demonstrates the power and flexibility of HiPAC

DNS Blacklist Packet Filter 0.6 Beta1 (by Russell Miller)

ip-filter-cgi 0.1 (by Alexandre Dulaunoy) ip-filter-cgi is a set of perl script to modify rules of IP Filter (IP Filter is a TCP/IP packet filter cf: http://coombs.anu.edu.au/

filtergen 0.11 (by Matthew Kirkwood) filtergen takes a high-level langauge and compiles it into packet filtering rules for a variety of packet filters

units-filter 2.5 (by Georges Khaznadar)

tcpdump 3.9.5 (by The Tcpdump Group) tcpdump is a handy little library which provides a packet filtering mechanism based on the BSD packet filter (BPF). Most notably,

Shrew Proxy/Filter 0.1.0 (by Thomas Metge) Shrew Proxy/Filter is a tiny proxy built on WEBrick's HTTPProxyServer, extended for both URL and content filtering

Imager::Filters 0.54 (by Arnar M. Hrafnkelsson and Tony Cook)

sifi 0.1 (by R. Muchsel) The SINUS Firewall is a TCP/IP packet filter for Linux

Other software in this category

Nmap 4.20 (by Fyodor) Nmap is a utility for network exploration or security auditing

iptables 1.3.7 (by Harald Welte) iptables and netfilter are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel

Linux Bandwidth Arbitrator 9.62 (by astormchaser) Linux Bandwidth Arbitrator allows beginning-to-advanced network administrators to control bandwidth

Ettercap 0.7.3 (by ALoR NaGA) Ettercap is a network sniffer/interceptor/logger for ethernet LANs

rdesktop 1.5.0 (by matthewc) rdesktop is an open source client for Windows NT Terminal Server and Windows 2000/2003 Terminal Services, capable of natively speakin