Welcome back to the 2nd meeting after the awesome first one of last month that went off so well that we ended up moving to a bigger room :)
We have two technically savvy presentations planned.
Sam Stelfox will speak on diagnosing Linux Firewall Issues
It's Never the Firewall: Diagnosing Linux Firewall Issues
Between network namespaces, packet routing, and forwarding there is one building block in Linux that ties them all together, and is frequently modified under your nose: the firewall. In this talk I'll demonstrate how common network services (such as Docker and libvirt) will modify various firewall primitives silently and in ways you might not expect.
You'll get a run-through of how iptables works, tools that can be used to identify what is happening and if the firewall is to blame. I'll show you how higher-level tools, such as firewalld, make use of, modify, and manipulate the underlying iptables framework. I'll cover best practices for firewall configuration, and common shortcuts for the less paranoid among us.
If there is time, I'll also give a brief introduction to the next generation of Linux firewall primitives, "nftables", and why you may want to consider switching to it.