SecurityFocus has released a new paper called Linux Firewall-related /proc Entries.
Here is an excerpt:
To read the full article click here: Linux Firewall-related /proc Entries
Most people, when creating a Linux firewall, concentrate solely on manipulating kernel network filters: the rulesets you create using userspace tools such as iptables (2.4 kernels), ipchains (2.2 kernels), or even ipfwadm (2.0 kernels).
However, there are kernel variables -- independent of any kernel filtering rules -- that affect how the kernel handles network packets. This article will discuss these variables and the effect they have on the network security of your Linux host or firewall.