An Analysis on Scalable and Faster Iptables in Linux Operating System

Alishbah Khan Niazi*, Muhammad Ahmed Ather Usmani **
*-** Department of Computer Science, Bahria University, Karachi, Pakistan.
Periodicity: June - August 2020
DOI: https://doi.org/10.26634/jcom.8.2.17759

Abstract

Linux is a well-known operating system (OS) in today's world. It has not only made a name for itself but has also created a whole market. Today it competes with Microsoft Windows, which is a giant OS in the computer world. Linux is used in many machines other than computers, for example servers, routers, and automation controls. Every operating system has needed, and has had, a way of securing the data entrusted to it. Commonly, this kind of security is referred to as a 'firewall'. Firewalls come with different settings to ensure maximum security and to put up a defense against getting hacked or, in the case of a server, against a Denial-of-Service (DoS) attack. Linux provides such security in the form of a firewall. The firewall filters data packets using rules created by the administrator. The component of the firewall that handles the filtering is netfilter/iptables. iptables assists in filtering packets through different hooks, which belong to three categories: input, forward, or output. This study discusses the implementations that have been devised, in particular those that provided a notable increase in the speed of securing and handling data packets while dealing with a high number of packet-handling rules.

Keywords

Firewalls, Linux, bpf-iptables, iptables, nftables

How to Cite this Article?

Niazi, A. K., and Usmani, M. A. A. (2020). An Analysis on Scalable and Faster Iptables in Linux Operating System. i-manager's Journal on Computer Science, 8(2), 32-44. https://doi.org/10.26634/jcom.8.2.17759
