The Official Unofficial Zorp project
 
Overview| Examples| Bugs| FAQ | White papers | Download | Help wanted | SourceForge Project page | Filltable utility  
 
 
SourceForge.net: SF.net Project News: Zorp unofficial
  • zorp 2.0.9-6 has been released
  • iptables-utils zorp-unoff version has been released
  • New whitepaper, even more FAQs
  • Zorp whitepapers released, new FAQs
  • New tproxy versions
  • New Zorp version: get the DN
  • The best bughunter
  • Bughunting contest extended
  • Valentine day bughunting contest!
  • Site updates: FAQ, design
    		•
    SourceForge.net: Project File Releases: Zorp unofficial
  • zorp 2.0.9-6 released (Mon, 01 Nov 2004 21:49:58 GMT)
  • zorp 2.0.9-6 released (Mon, 01 Nov 2004 21:40:56 GMT)
  • iptables-utils 1.21-1 released (Mon, 01 Nov 2004 21:19:42 GMT)
  • zorp 2.0.9-1 released (Sat, 12 Jun 2004 00:00:00 GMT)
  • zorplibll 2.0.26.24-1 released (Sat, 12 Jun 2004 00:00:00 GMT)
  • zorp zorp_2.0.8-1 released (Thu, 11 Dec 2003 00:00:00 GMT)
  • zorp zorp_2.0.7-2 released (Wed, 03 Dec 2003 00:00:00 GMT)
  • zorp zorp_2.0.7-1 released (Tue, 11 Nov 2003 00:00:00 GMT)
  • zorplibll zorplibll_2.0.26.23-1 released (Mon, 10 Nov 2003 00:00:00 GMT)
    		•
    		Next Previous Contents

    1. Introduction

    The filltable utility is a python script to allow relatively untrusted (junior) GNU/Linux system adinistrators (for example system adinistrator of a chrooted sandbox) to modify specific parts of the linux netfilter configuration. The senior system administrator can designate specific packet classes (based on source/destination addresses, ports, etc) to be managed by the junior system administrator. These packet filter classes are directed to one or more netfilter chains. The junior system administrator can describe the configuration in a text file, which makes the input of the filltable utility. After that the senior system administrator can run the filltable utility on these files, thus modifying the configuration. The filltable script is strict on the syntax of its configuration script, thus makes compromising the execution domain of itself impossible.

    The filltable script is a Trusted Procedure in the sense of the Clark-Wilson access control modell.

    Next Previous Contents