|Overview| Examples| Bugs| FAQ | White papers | Download | Help wanted | SourceForge Project page | Filltable utility|
The filltable utility is a python script to allow relatively untrusted (junior) GNU/Linux system adinistrators (for example system adinistrator of a chrooted sandbox) to modify specific parts of the linux netfilter configuration. The senior system administrator can designate specific packet classes (based on source/destination addresses, ports, etc) to be managed by the junior system administrator. These packet filter classes are directed to one or more netfilter chains. The junior system administrator can describe the configuration in a text file, which makes the input of the filltable utility. After that the senior system administrator can run the filltable utility on these files, thus modifying the configuration. The filltable script is strict on the syntax of its configuration script, thus makes compromising the execution domain of itself impossible.
The filltable script is a Trusted Procedure in the sense of the Clark-Wilson access control modell.
Next Previous Contents