IPFilter
Encyclopedia
IPFilter is an open source
software package that provides firewall services and network address translation
(NAT) for many UNIX-like
operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall
.
IPFilter is delivered with FreeBSD
, NetBSD
, and Solaris 10. It was removed from DragonFlyBSD base system on 6 May 2011. It used to be a part of OpenBSD
, but it was removed in May 2001 due to problems with the license of IP Filter, after negotiations between Theo de Raadt
and Reed broke down.
At first glance, the altered license looked a lot like BSD Licenses
, but did not allow redistribution of modified versions. Reed came back with another proposal but it was already too late. The software was subsequently removed from OpenBSD and replaced by pf
- a packet filter developed by the OpenBSD community in response to their licensing concerns. The current ipf license, as included with the 5.1.0 release, allows redistribution of modified versions but prohibits relicensing.
IPFilter can be installed as a runtime-loadable kernel module
or directly incorporated into the operating system kernel, depending on the specifics of each kernel and user preferences. The software's documentation recommends the module approach, if possible.
Operating system
s that are known to support IPFilter include the following:
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
software package that provides firewall services and network address translation
Network address translation
In computer networking, network address translation is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device....
(NAT) for many UNIX-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall
Stateful firewall
In computing, a stateful firewall is a firewall that keeps track of the state of network connections traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections...
.
IPFilter is delivered with FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
, NetBSD
NetBSD
NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
, and Solaris 10. It was removed from DragonFlyBSD base system on 6 May 2011. It used to be a part of OpenBSD
OpenBSD
OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...
, but it was removed in May 2001 due to problems with the license of IP Filter, after negotiations between Theo de Raadt
Theo de Raadt
Theo de Raadt , born May 19, 1968 in Pretoria, South Africa, is a software engineer who lives in Calgary, Alberta, Canada. He is the founder and leader of the OpenBSD and OpenSSH projects, and was a founding member of the NetBSD project.- Childhood :...
and Reed broke down.
At first glance, the altered license looked a lot like BSD Licenses
BSD licenses
BSD licenses are a family of permissive free software licenses. The original license was used for the Berkeley Software Distribution , a Unix-like operating system after which it is named....
, but did not allow redistribution of modified versions. Reed came back with another proposal but it was already too late. The software was subsequently removed from OpenBSD and replaced by pf
PF (firewall)
PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw and ipfilter...
- a packet filter developed by the OpenBSD community in response to their licensing concerns. The current ipf license, as included with the 5.1.0 release, allows redistribution of modified versions but prohibits relicensing.
IPFilter can be installed as a runtime-loadable kernel module
Loadable Kernel Module
In computing, a loadable kernel module is an object file that contains code to extend the running kernel, or so-called base kernel, of an operating system...
or directly incorporated into the operating system kernel, depending on the specifics of each kernel and user preferences. The software's documentation recommends the module approach, if possible.
Operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s that are known to support IPFilter include the following:
- AIX 5.3 ML05
- BSD/OSBSD/OSBSD/OS was a proprietary version of the BSD operating system developed by Berkeley Software Design, Inc. ....
-1.1 - 4 - DragonFlyBSD 1.0 - 2.10
- FreeBSDFreeBSDFreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
2.0.0 - 9.0 - IRIXIRIXIRIX is a computer operating system developed by Silicon Graphics, Inc. to run natively on their 32- and 64-bit MIPS architecture workstations and servers. It was based on UNIX System V with BSD extensions. IRIX was the first operating system to include the XFS file system.The last major version...
6.2, 6.5 - HP-UXHP-UXHP-UX is Hewlett-Packard's proprietary implementation of the Unix operating system, based on UNIX System V and first released in 1984...
11.00 - Linux kernelLinux kernelThe Linux kernel is an operating system kernel used by the Linux family of Unix-like operating systems. It is one of the most prominent examples of free and open source software....
2.4 - 2.6 - NetBSDNetBSDNetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
1.0 - 5.0 - OpenBSDOpenBSDOpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...
2.0 - 2.9 (no support since May 2001) - OpenSolarisOpenSolarisOpenSolaris was an open source computer operating system based on Solaris created by Sun Microsystems. It was also the name of the project initiated by Sun to build a developer and user community around the software...
- QNXQNXQNX is a commercial Unix-like real-time operating system, aimed primarily at the embedded systems market. The product was originally developed by Canadian company, QNX Software Systems, which was later acquired by Canadian BlackBerry-producer Research In Motion.-Description:As a microkernel-based...
6 port - Solaris 2.3 - 10
- SunOSSunOSSunOS is a version of the Unix operating system developed by Sun Microsystems for their workstation and server computer systems. The SunOS name is usually only used to refer to versions 1.0 to 4.1.4 of SunOS...
4.1.3 - 4.1.4 - Tru64 5.1a