[clug] Debian Buster -Which firewall by default? iptables or nftables ? The ebtables program is a filtering tool for a Linux-based bridging firewall.

steve jenkin sjenkin at canb.auug.org.au
Wed Jul 24 13:52:45 UTC 2019


George,

It’s good shaking up our assumed language with someone with an external perspective asking questions.

Below, there’s an undergrad paper, from 20 years ago, that I found with a quick web search.
It explains ‘software layers’ as well as I’ve seen.
And something from IBM 12 years ago.

For ‘extra credit’, there’s a zoomable map of the Linux Kernel, organised by Functional Layer and sub-system. There are others.
<http://www.makelinux.net/kernel_map/>

It’s not (7) OSI protocol layers.

HTH
steve

> On 24 Jul 2019, at 23:05, George at Clug via linux <linux at lists.samba.org> wrote:
> 
> I still am a bit confused by the term "layer", in the above statement "iptables-nft layer", does the word "layer" have more significance than just the word "layer" as in "the jam and cream layer in a chocolate cake really makes it yummy", or "put a layer of topsoil on your yard before applying the new turf". For example, does the word imply one of the OSI layers? Just like in Object Oriented Programming, words can inherit too much implied meaning.


========

Conceptual Architecture of the Linux Kernel
1998
<https://docs.huihoo.com/linux/kernel/a1/index.html>

This decomposition follows Garlan and Shaw's Layered style discussed in [Garlan 1994]; each subsystem layer can only communicate with the subsystem layers that are immediately adjacent to it. In addition, the dependencies between subsystems are from the top down: layers pictured near the top depend on lower layers, but subsystems nearer the bottom do not depend on higher layers.

========

Anatomy of the Linux kernel: History and architectural decomposition
2007
<https://developer.ibm.com/articles/l-linux-kernel/>

The Linux kernel implements a number of important architectural attributes. 

At a high level, and at lower levels, the kernel is layered into a number of distinct subsystems. 

Linux can also be considered monolithic because it lumps all of the basic services into the kernel. 

This differs from a microkernel architecture where the kernel provides basic services such as communication, I/O, and memory and process management, and more specific services are plugged in to the microkernel layer. Each has its own advantages, but I’ll steer clear of that debate.

--
Steve Jenkin, IT Systems and Design 
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA

mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin



