knetfilter 3.5.1 review
DownloadKnetfilter project is a KDE application designed to manage the netfilter functionalities that come with the kernels 2.4 and later.
|
|
Knetfilter project is a KDE application designed to manage the netfilter functionalities that come with the kernels 2.4 and later.
In Princip, all standard firewall system administration activities can be done just using knetfilter. But there is not just a GUI to iptables comand line, it is possible also some monitoring with tcpdump and nmap (nmap is slow) interfaces.
Now knetfilter is able to save iptables rules indipendently from iptable-save command (that does not work). ALL Chain policies are saved. (knetfilter has been the first GUI/application running with Linux 2.4.X able to save and restore your work on your firewall, at less for what I know)
Since version 2.2.2 knetfilter allows CBQ traffic shaping using fw classifier. Actually a lot of more stuff about QoS support has been developed inside of knetfilter, as, for example, the possibility to delete a class or a qdisc, and a monitor to see which qdiscs, classes and filters have been configured. They are all cool features, but probably a save function will not be developed for now (happy to receive a patch for that).
Limitations:
Iptables 1.2.3 has a noisy bug, so that TOS mangling works just if TOS value is setted using the name and not the numeric value. A workaround is easy, but iptables-save saves TOS related rules using the exadecimal value, so anyway users would not be able to restore them, since iptables would be unable to understand the syntax. Knetfilter uses decimal value to set the TOS, and that is a correct way to do so, but with iptables 1.2.3 this simply does not work! My suggestion for now is to avoid iptables 1.2.3 if you need TOS mangling. Anyway iptables 1.2.3 is a really old version, so why should you use it?
What's New in This Release:
Some typos were corrected.
knetfilter 3.5.1 search tags