1. Netfilter workshop 2008 in Paris

    The next edition of the Netfilter Workshop will take place in Paris, France, from September 29th to October 3th, 2008.

    The first day is open to everyone, and the program is now online.

    There will be many interesting presentations, and I will give a presentation of nfqueue-bindings and the weatherwall, a firewall based on the weather of the location of the destination of the packets, and ulogd2 along with Eric.

    Entry is free but a registration is asked. Please fill in the registration form.

    See you there !

    read more
  2. Next-generation firewall

    A firewall has to find the difference between good and bad packets, and for this, nothing is better than humans ! (french people could add this is the same difference as for good and bad hunters).

    So the next generation firewall will be:

    • better than stateful
    • better than layer 7 analysis
    • compliant with encrypted traffic
    • able to detect malware, suspicious traffic, virus, etc.

    Preview screenshot:


    Source code should be released on monday, on the Netfilter mailing lists. Stay tuned !

    read more
  3. ulogd2: the new userspace logging daemon for netfilter/iptables (part 2)

    This article explains how to build, install and configure ulogd 2 for use with netfilter/iptables. It explains how to use plugins to store logs in databases (MySQL and PostgreSQL), use plugins to filter data, and gives some iptables rules to log packets.

    Get the sources

    You can use the official repository:

    git clone git://git.netfilter.org/ulogd2.git/



    Use the standard autotools method for configure, build and install:

    ./configure --prefix=/path/to/prefix
    sudo make install


    Edit ulogd.conf

    1. enable plugins

    You will have to choose the input and output plugins according to your setup. NFLOG is present in recent kernels (and iptables installation), and should be preferred if possible.

    • Input plugin: ULOG or NFLOG
    • Output: MySQL or PostgreSQL

    You have to enable the corresponding in the configuration before you can use them:


    See “Stack configuration” later.

    2. buid the stack

    For MySQL, we will use a very simple plugin stack. As MySQL is quite inefficient in storing IP addresses (and …

    read more
  4. ulogd2: the new userspace logging daemon for netfilter/iptables (part 1)

    Ulogd (and also ulogd2) is a powerful and flexible logging system for Netfilter/Iptables, based on a plugin system. It allows, for example, to log packets in a SQL database, and have some interface to analyze it (see Nulog2)



    Ulogd2 combines plugins to create a stack, where each plugin is chained to another. There are three types of plugins:

    • Source
    • Filter
    • Output

    A stack must have only one source, and one output (yet it can have several filters). It is possible to define several stacks in the configuration.

    Each plugin has a type (for ex, PGSQL), and must be instanciated (using a name chosen by the user). Each instance is a particular version of the plugin, defining parameters. This way, we will be able to output data in several formats using different stacks.

    For ex, the following stack :


    defines a stack with the following properties:

    • input plugin is NFLOG, this means we’ll use the -j NFLOG target of iptables as source
    • filters are BASE, IFINDEX, and PRINTPKT (we’ll cover what they do later)
    • output plugin is of type PGSQL, so data will be logged to a …
    read more
  5. First post

    Date Mon 04 February 2008 Tags Life Work

    This is the first post on my blog …

    It will talk about my current job, working for INL, the company editing the authenticating firewall called NuFW; my hobbies (mainly related to security): Prelude, PostgreSQL, Netfilter, Linux, and other things…

    In other words, maybe it will be interesting …

    read more

« Page 2 / 2