diff --git a/bericht/benchmarks/nft-ipt-drop-response.tex b/bericht/benchmarks/nft-ipt-drop-response.tex
new file mode 100644
index 0000000..8d8a2a7
--- /dev/null
+++ b/bericht/benchmarks/nft-ipt-drop-response.tex
@@ -0,0 +1,36 @@
+\documentclass{standalone}
+
+\usepackage[utf8]{inputenc}
+
+\usepackage{pgfplots}
+\pgfplotsset{compat=1.3}
+\usepgfplotslibrary{units}
+\usepgfplotslibrary{dateplot}
+\usepackage{tikz}
+\usepackage{pgfplotstable}
+\usepackage{csquotes}
+\usepackage{float}
+
+\begin{document}
+
+\pgfplotstableread{nft/ipt-nft-simple-drop-response.txt}{\nftsimpledropresponse}
+
+\begin{tikzpicture}
+ \begin{axis}[
+ yshift=-0.5cm,
+ xtick={10000,20000,30000,40000,50000,60000,70000,80000,90000,100000},
+ xmin=200, xmax=100000,
+ ymin=0,
+ xlabel={Anzahl der Firewall-Regeln}, ylabel={Antwortzeit [ms]},
+ tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
+ width=15cm, height=10cm,
+ legend entries={iptables,nftables},
+ scaled ticks=false
+ ]
+ \addplot[smooth,blue] table [x={rules}, y={ipt}] {\nftsimpledropresponse};
+ \addplot[smooth,red] table [x={rules}, y={nft}] {\nftsimpledropresponse};
+ \end{axis}
+\end{tikzpicture}
+
+
+\end{document}
diff --git a/bericht/benchmarks/nft-ipt-drop.tex b/bericht/benchmarks/nft-ipt-drop.tex
new file mode 100644
index 0000000..14525d6
--- /dev/null
+++ b/bericht/benchmarks/nft-ipt-drop.tex
@@ -0,0 +1,36 @@
+\documentclass{standalone}
+
+\usepackage[utf8]{inputenc}
+
+\usepackage{pgfplots}
+\pgfplotsset{compat=1.3}
+\usepgfplotslibrary{units}
+\usepgfplotslibrary{dateplot}
+\usepackage{tikz}
+\usepackage{pgfplotstable}
+\usepackage{csquotes}
+\usepackage{float}
+
+\begin{document}
+
+\pgfplotstableread{nft/ipt-nft-simple-drop.txt}{\nftsimpledrop}
+
+\begin{tikzpicture}
+ \begin{axis}[
+ yshift=-0.5cm,
+ xtick={5000,10000,15000,20000,25000,30000},
+ xmin=200, xmax=30000,
+ ymin=0, ymode=log,
+ xlabel={Anzahl der Firewall-Regeln}, ylabel={PPS},
+ tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
+ width=15cm, height=10cm,
+ legend entries={iptables,nftables},
+ scaled ticks=false
+ ]
+ \addplot[smooth,blue] table [x={rules}, y={iptpps}] {\nftsimpledrop};
+ \addplot[smooth,red] table [x={rules}, y={nftpps}] {\nftsimpledrop};
+ \end{axis}
+\end{tikzpicture}
+
+
+\end{document}
diff --git a/bericht/benchmarks/nft-size-load-rate-recv.tex b/bericht/benchmarks/nft-size-load-rate-recv.tex
new file mode 100644
index 0000000..8b57cff
--- /dev/null
+++ b/bericht/benchmarks/nft-size-load-rate-recv.tex
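Review bot: The axis options `ymin=0, ymode=log,` in nft-ipt-drop.tex contradict each other, because a logarithmic axis has no position for 0 and pgfplots can only reject or discard that lower limit, so the drawn range is not the one the option states. I would give an explicit positive bound chosen from the data, for example `ymin=1000, ymode=log,` (1000 is a constructed sample value), or drop `ymin` entirely. The table is read as `nft/ipt-nft-simple-drop.txt`, a path that only resolves when the file is compiled from the benchmarks directory; a short comment above `\pgfplotstableread` stating that would help, since the report previously read the same data as `benchmarks/nft/ipt-nft-simple-drop.txt`.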
@@ -0,0 +1,106 @@
+\documentclass{standalone}
+
+\usepackage[utf8]{inputenc}
+
+\usepackage{pgfplots}
+\pgfplotsset{compat=1.3}
+\usepgfplotslibrary{units}
+\usepgfplotslibrary{dateplot}
+\usepackage{tikz}
+\usepackage{pgfplotstable}
+\usepackage{csquotes}
+\usepackage{float}
+
+\begin{document}
+
+\pgfplotstableread{
+size rate pps load
+1500 982.38 81865 0.5
+1450 981.1512 84582 0.7
+1400 983.4272 87806 0.6
+1350 981.936 90920 0.6
+1300 979.9816 94229 0.8
+1250 977.44 97744 0.5
+1200 980.7936 102166 0.8
+1150 978.5396 106363 0.7
+1100 975.6472 110869 0.6
+1050 972.3588 115757 0.9
+1000 977.192 122149 0.8
+950 974.0312 128162 0.8
+900 970.6896 134818 1.0
+850 965.4368 141976 0.9
+800 970.8992 151703 1.0
+750 966.756 161126 0.9
+700 960.9544 171599 1.2
+650 956.2592 183896 4.6
+600 961.4736 200307 15.3
+550 954.8088 217002 19.6
+500 946.992 236748 23.7
+450 928.7784 257994 25.1
+400 823.2672 257271 25.3
+350 722.5316 258047 25.4
+300 615.1632 256318 25.5
+250 492.206 246103 25.5
+200 406.3824 253989 25.5
+150 299.2116 249343 25.3
+100 205.8888 257361 25.2
+50 123.79728 257911 25.5
+
+}\sizerateppsrecv
+
+\begin{tikzpicture}
+\pgfplotsset{
+ y axis style/.style={
+ yticklabel style=#1,
+ y axis line style=#1,
+ ylabel style=#1,
+ ytick style=#1
+ }
+}
+ \begin{axis}[
+ width=15cm, height=10cm,
+ title=Empfänger,
+ xmin=1,
+ xmax=1500,
+ xlabel={Ethernet Frame-Größe},
+ xtick={100,300,500,700,900,1100,1300,1500},
+ ymin=0,ymax=1000,
+ axis y line*=left,
+ ylabel={Datenrate [MBit/s]},
+ y axis style=blue!75!black,
+ tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
+ scaled ticks=false
+ ]
+ \addplot[smooth,blue] table[x={size}, y={rate}] {\sizerateppsrecv};
+ \end{axis}
+ \begin{axis}[
+ width=15cm, height=10cm,
+ xmin=1,
+ xmax=1500,
+ axis x line=none,
+ ymin=0,ymax=500000,
+ ytick pos=right,
+ axis y line* = right,
+ ylabel={PPS},
+ ylabel near ticks,
+ ytick={100000,200000,300000,400000},
+ y axis style=red!75!black,
+ tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
+ scaled ticks=false
+ ]
+ \addplot[smooth,red] table[x={size}, y={pps}] {\sizerateppsrecv};
+ \end{axis}
+ \begin{axis}[
+ width=15cm, height=10cm,
+ xmin=1,
+ xmax=1500,
+ axis x line=none,
+ ymin=0,ymax=26,
+ axis y line=none,
+ ]
+ \addplot[smooth,green] table[x={size}, y={load}] {\sizerateppsrecv};
+ \end{axis}
+\end{tikzpicture}
+
+
+\end{document}
diff --git a/bericht/benchmarks/nft-size-load-rate-send.tex b/bericht/benchmarks/nft-size-load-rate-send.tex
new file mode 100644
index 0000000..727fed7
--- /dev/null
+++ b/bericht/benchmarks/nft-size-load-rate-send.tex
@@ -0,0 +1,95 @@
+\documentclass{standalone}
+
+\usepackage[utf8]{inputenc}
+
+\usepackage{pgfplots}
+\pgfplotsset{compat=1.3}
+\usepgfplotslibrary{units}
+\usepgfplotslibrary{dateplot}
+\usepackage{tikz}
+\usepackage{pgfplotstable}
+\usepackage{csquotes}
+\usepackage{float}
+
+\begin{document}
+
+\pgfplotstableread{
+size rate pps
+1500 986.004 82167
+1450 985.7216 84976
+1400 984.7376 87923
+1350 984.2904 91138
+1300 983.4968 94567
+1250 982.78 98278
+1200 982.08 102300
+1150 981.18 106650
+1100 980.2496 111392
+1050 979.2384 116576
+1000 978.304 122288
+950 977.36 128600
+900 975.0024 135417
+850 974.27 143275
+800 972.5888 151967
+750 970.572 161762
+700 968.3856 172926
+650 966.2328 185814
+600 963.1056 200647
+550 959.7588 218127
+500 955.604 238901
+450 951.588 264330
+400 945.3248 295414
+350 937.3336 334762
+300 923.2584 384691
+250 855.588 427794
+200 662.5952 433335
+150 527.3604 439467
+100 354.96 443700
+50 207.176 446500
+}\sizeratepps
+
+\begin{tikzpicture}
+\pgfplotsset{
+ y axis style/.style={
+ yticklabel style=#1,
+ y axis line style=#1,
+ ylabel style=#1,
+ ytick style=#1
+ }
+}
+ \begin{axis}[
+ width=15cm, height=10cm,
+ title=Sender,
+ xmin=1,
+ xmax=1500,
+ xlabel={Ethernet Frame-Größe},
+ xtick={100,300,500,700,900,1100,1300,1500},
+ ymin=0,ymax=1000,
+ axis y line*=left,
+ ylabel={Datenrate [MBit/s]},
+ y axis style=blue!75!black,
+ tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
+ scaled ticks=false
+ ]
+ \addplot[smooth,blue] table[x={size}, y={rate}] {\sizeratepps};
+ \end{axis}
+ \begin{axis}[
+ width=15cm, height=10cm,
+ xmin=1,
+ xmax=1500,
+ axis x line=none,
+ ymin=0,ymax=500000,
+ ytick pos=right,
+ axis y line* = right,
+ ylabel={PPS},
+ ylabel near ticks,
+ ytick={100000,200000,300000,400000},
+ y axis style=red!75!black,
+ tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
+ scaled ticks=false
+ ]
+ \addplot[smooth,red] table[x={size}, y={pps}] {\sizeratepps};
+ \end{axis}
+\end{tikzpicture}
+
+
+\end{document}
diff --git a/bericht/benchmarks/nft/ipt-nft-simple-drop-response.txt b/bericht/benchmarks/nft/ipt-nft-simple-drop-response.txt
new file mode 100644
index 0000000..706b30a
--- /dev/null
+++ b/bericht/benchmarks/nft/ipt-nft-simple-drop-response.txt
@@ -0,0 +1,102 @@ +rules ipt nft +0 1.1179999999999999 0.93220000000000014 +1000 0.91959999999999997 1.0016 +2000 1.0592000000000001 0.88159999999999994 +3000 1.2508000000000001 1.1870000000000001 +4000 1.2505999999999999 1.2645999999999999 +5000 1.1401999999999999 1.0672000000000001 +6000 1.3677999999999999 1.2315999999999998 +7000 1.4196000000000002 1.3560000000000001 +8000 1.4826000000000001 1.1912 +9000 1.274 1.2216 +10000 1.4966000000000002 1.4909999999999999 +11000 1.8840000000000003 1.5668 +12000 1.4045999999999998 1.7600000000000002 +13000 1.8855999999999997 1.73 +14000 1.9919999999999998 1.6111999999999997 +15000 2.3679999999999999 1.722 +16000 2.1486000000000001 1.734 +17000 1.998 1.7899999999999998 +18000 2.4379999999999997 1.7719999999999998 +19000 2.1299999999999999 1.7120000000000002 +20000 1.7900000000000003 1.8879999999999999 +21000 2.5439999999999996 2.222 +22000 2.6060000000000003 2.028 +23000 2.8420000000000001 2.1640000000000001 +24000 3.2079999999999997 2.1179999999999999 +25000 3.3480000000000003 1.9599999999999997 +26000 3.7160000000000002 2.214 +27000 3.6520000000000001 2.3459999999999996 +28000 3.3820000000000001 2.6499999999999995 +29000 3.5720000000000001 2.6759999999999997 +30000 3.964 2.754 +31000 3.9900000000000007 2.98 +32000 3.9839999999999995 2.9319999999999999 +33000 4.1880000000000006 2.6360000000000001 +34000 4.3559999999999999 3.0600000000000001 +35000 4.5819999999999999 2.9020000000000001 +36000 4.6779999999999999 2.9560000000000004 +37000 4.5739999999999998 3.2359999999999998 +38000 4.5699999999999994 3.444 +39000 5.2820000000000009 3.4400000000000004 +40000 5.1300000000000008 3.2680000000000007 +41000 5.2879999999999994 3.2379999999999995 +42000 5.3339999999999987 3.6700000000000004 +43000 5.7480000000000002 3.7399999999999998 +44000 5.6019999999999994 3.8220000000000001 +45000 5.5099999999999998 3.71 +46000 5.8879999999999999 3.556 +47000 5.8799999999999999 4.0839999999999996 +48000 6.306 3.968 +49000 6.403999999999999 
4.0619999999999994 +50000 6.3399999999999999 4.3499999999999996 +51000 6.4219999999999997 4.2999999999999998 +52000 7.0659999999999998 4.3239999999999998 +53000 7.589999999999999 4.426 +54000 7.0080000000000009 4.516 +55000 6.9059999999999988 4.9399999999999995 +56000 7.0980000000000008 4.5340000000000007 +57000 7.1819999999999995 5.0220000000000002 +58000 7.2739999999999991 4.8239999999999998 +59000 7.2180000000000009 4.9580000000000002 +60000 7.5760000000000005 5.1500000000000004 +61000 7.7780000000000005 4.9560000000000004 +62000 7.645999999999999 4.9599999999999991 +63000 7.9139999999999988 5.4740000000000002 +64000 7.7520000000000007 5.4260000000000002 +65000 8.2720000000000002 5.4059999999999997 +66000 8.4920000000000009 5.21 +67000 8.6600000000000001 5.6319999999999997 +68000 8.581999999999999 5.6080000000000005 +69000 8.3739999999999988 5.7279999999999998 +70000 8.6000000000000014 5.8259999999999996 +71000 8.7960000000000012 5.6379999999999999 +72000 8.8840000000000003 5.7739999999999991 +73000 8.8940000000000001 5.8560000000000008 +74000 8.7960000000000012 5.9119999999999999 +75000 9.4499999999999993 5.7419999999999991 +76000 9.2480000000000011 6.3260000000000005 +77000 9.5719999999999992 6.3480000000000008 +78000 9.3640000000000008 6.1659999999999995 +79000 9.7859999999999978 6.379999999999999 +80000 9.8760000000000012 6.5060000000000002 +81000 10.013999999999999 6.3819999999999997 +82000 9.9960000000000004 6.6119999999999992 +83000 10.001999999999999 6.5900000000000007 +84000 10.087999999999999 6.7380000000000013 +85000 10.298 6.8420000000000005 +86000 10.559999999999999 6.6540000000000008 +87000 10.512 6.8639999999999999 +88000 10.790000000000001 6.8180000000000005 +89000 10.788 7.4459999999999997 +90000 11.008000000000001 7.1599999999999993 +91000 10.988 7.1319999999999997 +92000 11.134 7.2919999999999998 +93000 11.130000000000001 7.1659999999999995 +94000 11.523999999999999 7.1139999999999999 +95000 11.468 7.2280000000000015 +96000 11.524000000000001 
7.298 +97000 11.498000000000001 7.7939999999999996 +98000 11.728 7.596000000000001 +99000 11.9 7.8160000000000007 +100000 12.098000000000001 7.6139999999999999 diff --git a/bericht/bericht.tex b/bericht/bericht.tex index aef39e2..fac113e 100644 --- a/bericht/bericht.tex +++ b/bericht/bericht.tex @@ -16,12 +16,13 @@ \usepgfplotslibrary{units} \usepgfplotslibrary{dateplot} -\RequirePackage{mymacros} \usepackage{tikz} \usepackage{pgfplotstable} \usepackage{csquotes} \usepackage{float} +\RequirePackage{mymacros} + \lstset{basicstyle=\footnotesize\ttfamily,breaklines=true,xleftmargin=1cm} % schönere Hyperlinkfarben diff --git a/bericht/bilder/nft-layout.png b/bericht/bilder/nft-layout.png new file mode 100644 index 0000000..376a1fc Binary files /dev/null and b/bericht/bilder/nft-layout.png differ diff --git a/bericht/nftables/nftables-perf.tex b/bericht/nftables/nftables-perf.tex index e981064..7ca2f6d 100644 --- a/bericht/nftables/nftables-perf.tex +++ b/bericht/nftables/nftables-perf.tex 
@@ -19,164 +19,13 @@ Zur Überwachung der Messdaten (Datenrate und PPS) habe ich auf allen vier Netzw \paragraph{Testeinstellung} Zunächst habe ich die Datenrate und die PPS in Abhängigkeit der Ethernet Frame-Größe gemessen um festzustellen, mit welcher Paketgröße die Messungen am besten durchzuführen sind. \\ \\ -\pgfplotstableread{ -size rate pps -1500 986.004 82167 -1450 985.7216 84976 -1400 984.7376 87923 -1350 984.2904 91138 -1300 983.4968 94567 -1250 982.78 98278 -1200 982.08 102300 -1150 981.18 106650 -1100 980.2496 111392 -1050 979.2384 116576 -1000 978.304 122288 -950 977.36 128600 -900 975.0024 135417 -850 974.27 143275 -800 972.5888 151967 -750 970.572 161762 -700 968.3856 172926 -650 966.2328 185814 -600 963.1056 200647 -550 959.7588 218127 -500 955.604 238901 -450 951.588 264330 -400 945.3248 295414 -350 937.3336 334762 -300 923.2584 384691 -250 855.588 427794 -200 662.5952 433335 -150 527.3604 439467 -100 354.96 443700 -50 207.176 446500 -}\sizeratepps +\includegraphics{benchmarks/nft-size-load-rate-send.pdf} -\begin{tikzpicture} -\pgfplotsset{ - y axis style/.style={ - yticklabel style=#1, - y axis line style=#1, - ylabel style=#1, - ytick style=#1 - } -} - \begin{axis}[ - width=15cm, height=10cm, - title=Sender, - xmin=1, - xmax=1500, - xlabel={Ethernet Frame-Größe}, - xtick={100,300,500,700,900,1100,1300,1500}, - ymin=0, - axis y line*=left, - ylabel={Datenrate [MBit/s]}, - y axis style=blue!75!black, - tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace}, - scaled ticks=false - ] - \addplot[smooth,blue] table[x={size}, y={rate}] {\sizeratepps}; - \end{axis} - \begin{axis}[ - width=15cm, height=10cm, - xmin=1, - xmax=1500, - axis x line=none, - ymin=0,ymax=500000, - ytick pos=right, - axis y line* = right, - ylabel={PPS}, - ylabel near ticks, - ytick={100000,200000,300000,400000}, - y axis style=red!75!black, - tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace}, - scaled ticks=false - 
] - \addplot[smooth,red] table[x={size}, y={pps}] {\sizeratepps}; - \end{axis} -\end{tikzpicture} +\vspace{0.5cm} -\vspace{1cm} +\includegraphics{benchmarks/nft-size-load-rate-recv.pdf} -\pgfplotstableread{ -size rate pps -1500 982.38 81865 -1450 981.1512 84582 -1400 983.4272 87806 -1350 981.936 90920 -1300 979.9816 94229 -1250 977.44 97744 -1200 980.7936 102166 -1150 978.5396 106363 -1100 975.6472 110869 -1050 972.3588 115757 -1000 977.192 122149 -950 974.0312 128162 -900 970.6896 134818 -850 965.4368 141976 -800 970.8992 151703 -750 966.756 161126 -700 960.9544 171599 -650 956.2592 183896 -600 961.4736 200307 -550 954.8088 217002 -500 946.992 236748 -450 928.7784 257994 -400 823.2672 257271 -350 722.5316 258047 -300 615.1632 256318 -250 492.206 246103 -200 406.3824 253989 -150 299.2116 249343 -100 205.8888 257361 -50 123.79728 257911 - -}\sizerateppsrecv - -\begin{tikzpicture} -\pgfplotsset{ - y axis style/.style={ - yticklabel style=#1, - y axis line style=#1, - ylabel style=#1, - ytick style=#1 - } -} - \begin{axis}[ - width=15cm, height=10cm, - title=Empfänger, - xmin=1, - xmax=1500, - xlabel={Ethernet Frame-Größe}, - xtick={100,300,500,700,900,1100,1300,1500}, - ymin=0, - axis y line*=left, - ylabel={Datenrate [MBit/s]}, - y axis style=blue!75!black, - tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace}, - scaled ticks=false - ] - \addplot[smooth,blue] table[x={size}, y={rate}] {\sizerateppsrecv}; - \end{axis} - \begin{axis}[ - width=15cm, height=10cm, - xmin=1, - xmax=1500, - axis x line=none, - ymin=0,ymax=500000, - ytick pos=right, - axis y line* = right, - ylabel={PPS}, - ylabel near ticks, - ytick={100000,200000,300000,400000}, - y axis style=red!75!black, - tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace}, - scaled ticks=false - ] - \addplot[smooth,red] table[x={size}, y={pps}] {\sizerateppsrecv}; - \end{axis} -\end{tikzpicture} +Beim Sender betrug die Prozessor-Last dauerhaft 100 \%, 
für den Empfänger ist die CPU-Last zusätzlich grün eingetragen. \pagebreak 
@@ -196,43 +45,6 @@ Letztendlich habe ich dazu entschieden, auf der Empfängerseite mit \texttt{ipta \paragraph{Einfache Drop-Regeln} Für den nachfolgenden Benchmark habe ich entsprechend viele Regeln generieren lassen, die besagen, dass von (zufällig gewählten) IP-Adressen alle Pakete gedropt werden sollen. \\ -\pgfplotstableread{benchmarks/nft/ipt-nft-simple-drop.txt}{\nftsimpledrop} - -\begin{minipage}{\textwidth} -\flushright -\begin{tikzpicture} - \begin{axis}[ - name=plot1, - xtick={5000,10000,15000,20000,25000,30000}, - xmin=200, xmax=30000, - ymin=0, - xlabel={Anzahl der Firewall-Regeln}, ylabel={Datenrate [MBit/s]}, - tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace}, - width=15cm, height=10cm, - legend entries={iptables,nftables}, - scaled ticks=false - ] - \addplot[smooth,blue] table [x={rules}, y={iptrate}] {\nftsimpledrop}; - \addplot[smooth,red] table [x={rules}, y={nftrate}] {\nftsimpledrop}; - \end{axis} - - \begin{axis}[ - name=plot2, - at=(plot1.below south), anchor=above north, - yshift=-0.5cm, - xtick={5000,10000,15000,20000,25000,30000}, - xmin=200, xmax=30000, - ymin=0, - xlabel={Anzahl der Firewall-Regeln}, ylabel={PPS}, - tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace}, - width=15cm, height=10cm, - legend entries={iptables,nftables}, - scaled ticks=false - ] - \addplot[smooth,blue] table [x={rules}, y={iptpps}] {\nftsimpledrop}; - \addplot[smooth,red] table [x={rules}, y={nftpps}] {\nftsimpledrop}; - \end{axis} -\end{tikzpicture} -\end{minipage} \\ +\includegraphics{benchmarks/nft-ipt-drop.pdf} Die Datenrate und die Anzahl an PPS liegen initial bei den bereits zuvor gemessenen ca. 980 MBit/s und 250000 Paketen pro Sekunde. Jedoch bricht die Leistungsfähigkeit bei beiden Firewall-Lösungen schnell erheblich ein. So kann \texttt{iptables} bei 5000 Regeln nur noch ca. 100 MBit/s bei 28000 Paketen verarbeiten, \texttt{nftables} schafft hier nur ca. 50 MBit/s bei 14000 Paketen. 
\ No newline at end of file diff --git a/nftables/Präsentation/Latex/lctp_prensentation.pdf b/nftables/Präsentation/Latex/lctp_prensentation.pdf new file mode 100644 index 0000000..1d683fd Binary files /dev/null and b/nftables/Präsentation/Latex/lctp_prensentation.pdf differ diff --git a/nftables/Präsentation/Latex/lctp_prensentation.tex b/nftables/Präsentation/Latex/lctp_prensentation.tex new file mode 100644 index 0000000..18c8e9d --- /dev/null +++ b/nftables/Präsentation/Latex/lctp_prensentation.tex 
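Review bot: The paragraph kept below the new `\includegraphics{benchmarks/nft-ipt-drop.pdf}` still quotes data rates ("ca. 980 MBit/s", "ca. 100 MBit/s", "ca. 50 MBit/s"), but the inline figure removed here was the only place the `iptrate`/`nftrate` curves were drawn; the standalone nft-ipt-drop.tex added in this commit plots only `iptpps` and `nftpps`. Either keep a data-rate plot next to the PPS one or reword the paragraph so every figure it cites can be read off the included graphic. The included PDFs (here and the two in the previous hunk) are build products of the standalone .tex files, and no rule that generates them is visible in this diff, so a comment such as `% erzeugt aus benchmarks/nft-ipt-drop.tex` above each include would tell the next editor where the graphic comes from.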
@@ -0,0 +1,333 @@ +\documentclass[10pt]{beamer} + +%\usepackage[utf8x]{inputenc} +\usepackage{ngerman} +\usepackage[ngerman]{babel} +\usepackage{amsmath} +\usepackage{bbm} + +\usepackage{tabularx} +\usepackage{graphicx} +\usepackage{subfigure} +\usepackage{url} +%\usepackage{hyperref} +\usepackage{eurosym} +\usepackage{listings} + +\usepackage{multirow} +\usepackage{colortbl} +\usepackage{booktabs} +\usepackage{setspace} + +\usepackage[utf8]{inputenc} + +\input{theme/theme} + +\title{Linux Cluster in Theorie und Praxis} +\subtitle{\texttt{iptables} und \texttt{nftables}} +\author{Alfred Krohmer} +\date{4. März 2014} +\institute[ZIH TUD]{Zentrum für Informationsdienste und Hochleistungsrechnen -- TU Dresden} +%\room{INF 1046} +\address{Nöthnitzer Straße 46} +\city{01189 Dresden} +%\phone{+49 0351 - 463 38783} +\email{s4039299@mail.zih.tu-dresden.de} + +\setbeamercovered{transparent} +\begin{document} + +\zihmaketitle + +\begin{frame} +\frametitle{Inhalt} + \tableofcontents +\end{frame} + + +\section{Einführung} + +\begin{frame} +\frametitle{Einführung} + +Zielstellungen bei der Entwicklung bei \texttt{nftables} +\begin{itemize} + \item Vereinfachung der Kernel-ABI + \item Vermeidung von Code-Redundanz + \item effizientere Abarbeitung der Regeln + \item bessere Fehlermeldungen +\end{itemize} + +\end{frame} + + +\section{Rückblick / bisherige Firewall-Lösungen} + +\begin{frame} +\frametitle{Rückblick / bisherige Firewall-Lösungen} + +\begin{itemize} + \item 1994: ipfw + \item 1996: ipfwadm + \item 1999: ipchains + \item 2000: iptables + \item \textbf{2014: nftables} +\end{itemize} + +\end{frame} + + +\section{Funktionsweise iptables vs. nftables} + +\begin{frame} +\frametitle{Funktionsweise iptables vs. 
nftables} + +iptables: +\begin{itemize} + \item nur für IPv4 + \item andere Tools für andere Protokolle: + \begin{itemize} + \item ip6tables + \item arptables + \item ebtables + \end{itemize} + \item für jedes Protokoll eine eigenständige Implementierung im Kernel + \item Code für jedes Protokoll sehr spezifisch + \begin{itemize} + \item viel replizierter Code + \item hohe Performance + \end{itemize} +\end{itemize} + +\end{frame} + +\begin{frame} +\frametitle{Funktionsweise iptables vs. nftables} +\begin{center} +\includegraphics[width=10cm]{../iptables.png} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Funktionsweise iptables vs. nftables} + +nftables: +\begin{itemize} + \item ein Tool für alle Protokolle \\ + (IPv4, IPv6, Ethernet-Bridging, ARP) + \item inheitliche Schnittstelle zum Kernel + \item Implementierung als kleine virtuelle Maschine im Kernel + \item Regeln werden im Userspace zu Byte-Code kompiliert + \item Byte-Code kann auf Feldern und Bits der Pakete Operationen ausführen: + \begin{itemize} + \item vergleichen (matching) $\rightarrow$ bedingte Sprünge + \item arithmetische und logische Operationen + \item beliebige Änderungen am Paketinhalt + \end{itemize} + \item atomares Ersetzen von Regeln über Netlink-Transaktionen + \item funktioniert mit bisher verfügbaren Tools noch nicht effektiv +\end{itemize} + +\end{frame} + +\begin{frame} +\frametitle{Funktionsweise iptables vs. nftables} +\begin{center} +\includegraphics[width=8cm]{../nftables.jpg} +\end{center} +\end{frame} + +\lstset{ + basicstyle=\ttfamily\small +} + +\begin{frame}[fragile] +\frametitle{Funktionsweise iptables vs. 
nftables} +\begin{itemize} + \item \hspace{0.3cm} +\begin{minipage}{.45\linewidth}% +\begin{lstlisting} +payload load 4 offset network header + 16 => reg 1 +compare reg 1 192.168.0.1 +\end{lstlisting} +\end{minipage} + + \item \hspace{0.3cm} +\begin{minipage}{.45\linewidth}% +\begin{lstlisting} +payload load 4 offset network header + 16 => reg 1 +set lookup reg 1 load result in verdict register + { "192.168.0.1" : jump chain1, + "192.168.0.2" : drop, + "192.168.0.3" : jump chain2 } +\end{lstlisting} +\end{minipage} +\end{itemize} +\end{frame} + + +\section{Syntax und Tools} + +\begin{frame} +\frametitle{Funktionsweise iptables vs. nftables} + +iptables: +\begin{itemize} + \item iptables -A INPUT -p tcp --dport 22 -j LOG + \item iptables -A INPUT -p tcp --dport 22 -j DROP +\end{itemize} + +\end{frame} + +\begin{frame}[fragile] +\frametitle{Funktionsweise iptables vs. nftables} + +nftables: nft +\begin{itemize} + \item nft add table filter + \item nft add chain filter input "\{ type filter hook input priority 0; \}" \\ \vspace{0.3cm} + \item nft add rule filter input \ + tcp dport 22 log drop \\ \vspace{0.3cm} + + \item als Script: \\ +\begin{minipage}{.45\linewidth}% +\begin{lstlisting} +#!/usr/bin/nft -f +table filter { + chain input { + type filter hook input priority 0; + ip protocol tcp dport 22 drop log + } +\end{lstlisting} +\end{minipage} + + \item nft bisher noch kaum in Linux-Distributionen verfügbar + \item in Arch Linux bisher nur im AUR verfügbar + +\end{itemize} + +\end{frame} + + +\section{Performance-Vergleich} + +\begin{frame} +\frametitle{Performance-Vergleich} + +Testaufbau: +\begin{center} +\includegraphics[width=10cm]{../../../bericht/bilder/nft-layout.pdf} +\end{center} + +\end{frame} + +\begin{frame} +\frametitle{Performance-Vergleich} + +\begin{itemize} + \item Hardware: + \begin{itemize} + \item Sender / Empfänger: + \begin{itemize} + \item Intel Atom 330 (1,6 GHz) + \item NVIDIA MCP79 Ethernet Controller + \item 2 GB RAM + \end{itemize} + 
\item Firewall: + \begin{itemize} + \item Intel Core 2 Duo E6750 (2,6 GHz) + \item Intel 82572EI und 82566DM-2 Ethernet Controller + \item 2 GB RAM + \end{itemize} + \end{itemize} + + \item Software: + \begin{itemize} + \item Paket-Generator: pktgen + \item Netzwerk-Monitor: ifpps (aus netsniff-ng) + \end{itemize} + + \item Testablauf: + \begin{itemize} + \item zotac3 sendet Pakete über zotac-firewall an zotac4 + \item Firewall hat entsprechend viele Regeln + \item Empfänger verwirft Pakete noch im iptables-Stack + \end{itemize} +\end{itemize} + +\end{frame} + + +\begin{frame} +\frametitle{Performance-Vergleich} +\begin{center} +\includegraphics[width=11cm]{../../../bericht/benchmarks/nft-size-load-rate-send.pdf} +\end{center} +\end{frame} + + +\begin{frame} +\frametitle{Performance-Vergleich} +\begin{center} +\includegraphics[width=11cm]{../../../bericht/benchmarks/nft-size-load-rate-recv.pdf} +\end{center} +\end{frame} + + +\begin{frame} +\frametitle{Performance-Vergleich} +\begin{center} +\includegraphics[width=11cm]{../../../bericht/benchmarks/nft-ipt-drop.pdf} +\end{center} +\end{frame} + + +\begin{frame} +\frametitle{Performance-Vergleich} +\begin{center} +\includegraphics[width=11cm]{../../../bericht/benchmarks/nft-ipt-drop-response.pdf} +\end{center} +\end{frame} + +\section{Schlussfolgerung} + +\begin{frame} +\frametitle{Schlussfolgerung} + +\begin{itemize} + \item iptables bezüglich Durchsatz noch überlegen, bei sehr vielen Regeln etwa gleich bzw. 
etwas schlechter als nftables + \item nftables skaliert bezüglich Antwortzeit besser + \item Vorteile nftables: + \begin{itemize} + \item Konzept mit virtueller Maschine mächtig + \item leichte Erweiterbarkeit + \end{itemize} + \item aber: + \begin{itemize} + \item momentan bei mittlerer Regelanzahl noch wesentlich schlechter performant als iptables + \item bisher so gut wie keine Dokumentation verfügbar + \end{itemize} +\end{itemize} + +\end{frame} + +\section{Quellen} + +\begin{frame} +\frametitle{Quellen} + +\begin{itemize} + \item Projekt-Website von nftables: \\ + \url{http://netfilter.org/projects/nftables/} + \item Tutorial von Eric Leblond: + \url{https://home.regit.org/netfilter-en/nftables-quick-howto/} + \item nftables Wiki: \\ + \url{http://wiki.nftables.org/wiki-nftables/} + \item Wikipedia-Artikel: \\ + \url{http://en.wikipedia.org/wiki/Nftables} +\end{itemize} + +\end{frame} + + +\end{document} \ No newline at end of file diff --git a/nftables/Präsentation/Latex/theme/beamerinnerthemezih01.sty b/nftables/Präsentation/Latex/theme/beamerinnerthemezih01.sty new file mode 100644 index 0000000..2fd9715 --- /dev/null +++ b/nftables/Präsentation/Latex/theme/beamerinnerthemezih01.sty 
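Review bot: The nft script listing on the "nftables: nft" slide does not match the command-line rule shown directly above it: the listing reads `ip protocol tcp dport 22 drop log`, while the item above uses `tcp dport 22 log drop`. A verdict such as `drop` ends evaluation of the rule, so a `log` written after it would, as far as I know, never take effect (newer nft versions reject a statement after a terminal one), and someone copying the slide ends up without the log entries they expect for dropped SSH traffic. The listing also closes only the `chain input {` block and leaves `table filter {` open. I would change the rule line to `tcp dport 22 log drop` and add a final `}` before `\end{lstlisting}`. Separately, `inheitliche Schnittstelle` on the nftables overview slide should read `einheitliche Schnittstelle`.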
@@ -0,0 +1,74 @@ +\DeclareOptionBeamer{shadow}[true]{\def\beamer@themerounded@shadow{#1}} +\ExecuteOptionsBeamer{shadow=false} +\ProcessOptionsBeamer + +\mode + +\newlength{\dings}\setlength{\dings}{7.2mm} + +%%% set variales for author details +\newcommand{\room}[1]{\def\ROOM{#1}} +\newcommand{\address}[1]{\def\ADR{#1}} +\newcommand{\city}[1]{\def\CITY{#1}} +\newcommand{\phone}[1]{\def\PHONE{#1}} +\newcommand{\email}[1]{\def\EMAIL{#1}} + %%% command to insert author details +\newcommand{\insertauthordetails}{\ADR\\\CITY} +\newcommand{\insertemail}{\usebeamercolor[fg]{titlepage}E-Mail: +\href{mailto:\EMAIL}{\EMAIL}} +%\newcommand{\insertphone}{\usebeamercolor[fg]{titlepage}Telefon: \PHONE} + +\setbeamertemplate{blocks}[rounded][shadow=\beamer@themerounded@shadow] +\setbeamertemplate{items}[ball] +\setbeamertemplate{sections/subsections in toc}[ball] +\setbeamertemplate{part page}[default][colsep=-4bp,rounded=true,shadow=\beamer@themerounded@shadow] + +%\definecolor{darkblue}{rgb}{0.04, 0.16, 0.32} + +\defbeamertemplate*{title page}{zih}[1][] +{ + \definecolor{zihorange}{rgb}{0.898, 0.420, 0.125} + \setbeamercolor{title}{fg=zihorange} + \setbeamercolor{subtitle}{fg=zihorange} + \setbeamercolor{titlepage}{fg=white} + \vbox{} + \vfill + \begin{centering} + + \vspace{22mm}% + + \parbox{\textwidth}{%for positioning title,subtitle and date + \begin{centering} + {\LARGE\usebeamercolor[fg]{title}\inserttitle\par}% + \ifx\insertsubtitle\@empty% + \else% + \vspace{5mm}% + {\itshape\usebeamercolor[fg]{subtitle}\insertsubtitle\par}% + \fi% + \vspace{3mm}% + \usebeamercolor[fg]{titlepage}\insertauthor\\ + \vspace{2mm}% + \scriptsize\usebeamercolor[fg]{titlepage}\insertdate\\ + \end{centering} + }% + + \vspace{3mm} + \includegraphics[height=0.2\textheight]{theme/logo/LCTP-logo}% + + \end{centering}% + + \vspace{13mm} + \parbox{0.7\textwidth}{%positioning author information + \footnotesize\usebeamercolor[fg]{titlepage} + %\insertauthordetails \\ + %\vspace{-1mm}\\ + 
%\insertphone\\ + \insertemail + } +} + + + +\setbeamertemplate{title page}[zih][colsep=-4bp,rounded=true,shadow=\beamer@themerounded@shadow] + +\mode diff --git a/nftables/Präsentation/Latex/theme/beamerouterthemezih01.sty b/nftables/Präsentation/Latex/theme/beamerouterthemezih01.sty new file mode 100644 index 0000000..1ca9b2c --- /dev/null +++ b/nftables/Präsentation/Latex/theme/beamerouterthemezih01.sty 
@@ -0,0 +1,139 @@
+%
+% A Beamer Theme Which Looks A Bit Like ZIH Presentation Template
+%
+% Matthias.Lieber@tu-dresden.de
+%
+
+%
+% Setup stuff:
+%
+
+\definecolor{darkblue}{rgb}{0.04, 0.16, 0.32}
+
+% color for footer and navigation header (if activated, see below)
+\setbeamercolor*{palette primary}{fg=black,bg=white}
+
+% color for subsection navigation (if activated, see below)
+\setbeamercolor*{palette secondary}{fg=white,bg=darkblue}
+
+% Add the typical beamer navigation stuff in the head?
+\newif\ifbeamer@theme@navigation
+\beamer@theme@navigationfalse
+%\beamer@theme@navigationtrue
+
+% Include subsection names in the head navigation?
+\newif\ifbeamer@theme@subsection
+\beamer@theme@subsectionfalse
+%\beamer@theme@subsectiontrue
+
+% define left and right logo
+\pgfdeclareimage[width=5.2em,interpolate=true]{logo-l}{theme/logo/tu_logo}
+\pgfdeclareimage[width=5.2em,interpolate=true]{logo-r}{theme/logo/zih_logo_ml}
+
+% we use tikz for the color gradient
+\usepackage{tikz}
+
+\setbeamercolor{subsection in head/foot}{parent=palette secondary}
+\setbeamercolor{section in head/foot}{parent=palette primary}
+\setbeamercolor{author in head/foot}{parent=palette primary}
+
+
+\definecolor{zihorange}{rgb}{0.898, 0.420, 0.125}
+
+
+\defbeamertemplate*{footline}{zih01 theme}
+{%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line head}
+ \hfill\rule{0cm}{0.7cm}
+ \end{beamercolorbox}
+ % fancy color gradient, see
+ % /usr/share/texmf/doc/generic/pgf/version-for-pdftex/en/pgfmanual.pdf
+ \begin{tikzpicture}[x=\paperwidth,y=0.5pt]
+ \shade[left color=white,right color=white] (0.0,0) rectangle (0.2,1);
+ \shade[left color=darkblue,right color=zihorange] (0.2,0) rectangle (0.8,1);
+% \shade[left color=zihorange,right color=zihorange] (0.819,0) rectangle
+% (0.978,1);
+ \end{tikzpicture}
+ % logo, page number, yet anoter logo
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \pgfuseimage{logo-l}
+ \hfill%
+ %\leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertframenumber/\inserttotalframenumber}%
+ \hfill%
+ \pgfuseimage{logo-r}
+ \end{beamercolorbox}%
+}
+
+
+\DeclareOptionBeamer{footline}{\csname beamer@theme@footline@#1\endcsname}
+\DeclareOptionBeamer{subsection}[true]{\csname beamer@theme@subsection#1\endcsname}
+\ProcessOptionsBeamer
+
+
+\mode
+
+ % Head
+\defbeamertemplate*{headline}{zih01 theme}
+{%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line head}
+ \end{beamercolorbox}
+ % Navigation
+ \ifbeamer@theme@navigation
+ \begin{beamercolorbox}{section in head/foot}
+ \vskip2pt\insertnavigation{\paperwidth}\vskip2pt
+ \end{beamercolorbox}%
+ \fi%
+ % Section > Subsection
+ \ifbeamer@theme@subsection%
+ \begin{beamercolorbox}[colsep=1.5pt]{middle separation line head}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,leftskip=.3cm,rightskip=.3cm plus1fil]{subsection in head/foot}
+ \usebeamerfont{subsection in head/foot}\insertsectionhead\ \hfill \insertsubsectionhead
+ \end{beamercolorbox}%
+ \else%
+ \begin{beamercolorbox}{subsection in head/foot}
+ \rule{0cm}{0.7pt}
+ \end{beamercolorbox}%
+ \fi%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line head}
+ \end{beamercolorbox}
+}
+
+
+
+ % Frametitle
+
+\defbeamertemplate*{frametitle}{zih01 theme}[1][left]
+{%
+ \ifbeamercolorempty[bg]{frametitle}{}{\nointerlineskip}%
+ \@tempdima=\textwidth%
+ \advance\@tempdima by\beamer@leftmargin%
+ \advance\@tempdima by\beamer@rightmargin%
+ \begin{beamercolorbox}[sep=0.3cm,#1,wd=\the\@tempdima]{frametitle}
+ \usebeamerfont{frametitle}%
+ \vbox{}\vskip-1ex%
+ \if@tempswa\else\csname beamer@fte#1\endcsname\fi%
+ \strut\hspace{3mm}\insertframetitle\strut\par%
+ \vspace{-3.8mm}%
+ \begin{tikzpicture}[x=\paperwidth,y=0.65pt]
+ \shade[left color=white,right color=white] (0.0,0) rectangle (0.001,1);
+ \shade[left color=zihorange,right color=darkblue] (0.02,0) rectangle (0.938,1);
+ \shade[left color=darkblue,right color=zihorange] (0.01,3) rectangle (0.928,4);
+ \end{tikzpicture}
+
+ {%
+ \ifx\insertframesubtitle\@empty%
+ \else%
+ {\usebeamerfont{framesubtitle}\usebeamercolor[fg]{framesubtitle}\hspace{3mm}\insertframesubtitle\strut\par}%
+ \fi
+ }%
+ \vskip-1ex%
+ \if@tempswa\else\vskip-.3cm\fi% set inside beamercolorbox... evil here...
+ \end{beamercolorbox}%
+}
+
+
+
+\mode
+
diff --git a/nftables/Präsentation/Latex/theme/logo/LCTP-logo.pdf b/nftables/Präsentation/Latex/theme/logo/LCTP-logo.pdf
new file mode 100644
index 0000000..18ac29c
Binary files /dev/null and b/nftables/Präsentation/Latex/theme/logo/LCTP-logo.pdf differ
diff --git a/nftables/Präsentation/Latex/theme/logo/bg.png b/nftables/Präsentation/Latex/theme/logo/bg.png
new file mode 100644
index 0000000..4e2a44f
Binary files /dev/null and b/nftables/Präsentation/Latex/theme/logo/bg.png differ
diff --git a/nftables/Präsentation/Latex/theme/logo/tu_logo.pdf b/nftables/Präsentation/Latex/theme/logo/tu_logo.pdf
new file mode 100644
index 0000000..80b2ef3
Binary files /dev/null and b/nftables/Präsentation/Latex/theme/logo/tu_logo.pdf differ
diff --git a/nftables/Präsentation/Latex/theme/logo/tu_logo_black.pdf b/nftables/Präsentation/Latex/theme/logo/tu_logo_black.pdf
new file mode 100644
index 0000000..c86e48d
Binary files /dev/null and b/nftables/Präsentation/Latex/theme/logo/tu_logo_black.pdf differ
diff --git a/nftables/Präsentation/Latex/theme/logo/zih_logo_ml.pdf b/nftables/Präsentation/Latex/theme/logo/zih_logo_ml.pdf
new file mode 100644
index 0000000..56e3eaf
Binary files /dev/null and b/nftables/Präsentation/Latex/theme/logo/zih_logo_ml.pdf differ
diff --git a/nftables/Präsentation/Latex/theme/logo/zih_logo_white.pdf b/nftables/Präsentation/Latex/theme/logo/zih_logo_white.pdf
new file mode 100644
index 0000000..8526f51
Binary files /dev/null and b/nftables/Präsentation/Latex/theme/logo/zih_logo_white.pdf differ
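Review bot: The `footline` option handler `\csname beamer@theme@footline@#1\endcsname` has no matching `\beamer@theme@footline@...` macro anywhere in this file, so any value passed to it expands to `\relax` and is silently ignored; either define the variants it is meant to select or drop the option. Separately, a package file should load its dependency with `\RequirePackage{tikz}` rather than `\usepackage{tikz}`. The logo paths in `\pgfdeclareimage` (`theme/logo/tu_logo`, `theme/logo/zih_logo_ml`) are relative to the compile directory, which deserves a short comment above them such as `% paths are relative to the main document's directory`.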
diff --git a/nftables/Präsentation/Latex/theme/theme.tex b/nftables/Präsentation/Latex/theme/theme.tex
new file mode 100644
index 0000000..ce0e522
--- /dev/null
+++ b/nftables/Präsentation/Latex/theme/theme.tex
@@ -0,0 +1,126 @@
+\newif\ifzihbackground
+\zihbackgroundtrue
+%\zihbackgroundfalse
+
+% Yes, this is dirty
+\newcommand\zihmaketitle{
+ \definecolor{white}{gray}{1.00}%
+ \setbeamercolor{normaltext}{bg=darkblue}%
+ \setbeamertemplate{headline}{%
+ \vskip6.15mm\color{white}\setlength{\arrayrulewidth}{0.3pt}%
+ \begin{tabular*}{\paperwidth}[b]{l@{\extracolsep\fill}}%
+ \hspace*{3.0mm}\color{white}%
+ \includegraphics[height=7.81mm]{theme/logo/tu_logo_black}\\[1.2mm]%
+ \hline\hspace*{11.76mm}\rule[-0.8mm]{0pt}{2.47mm}%
+ \def\@@dummyComma{}\rule{0pt}{5.8pt}%
+ \insertinstitute \\%
+ \hline%
+ \end{tabular*}%
+ \hspace{-\paperwidth}%
+ }%
+ \ifzihbackground
+ \setbeamertemplate{footline}{}
+ \setbeamertemplate{background}{\includegraphics[height=\paperheight,width=\paperwidth]{theme/logo/bg}}
+ \else
+ \setbeamertemplate{footline}{
+ \parbox[t][22mm]{\paperwidth}{
+ \vspace*{-8.18mm}
+ \rule
+ {98.6mm}{0pt}\includegraphics[height=15mm]{theme/logo/zih_logo_white}
+
+ }
+ }
+ \fi%
+ \frame{\titlepage}
+ % Kopf-/Fusszeilen fuer restliche Folien
+ \setbeamercolor{normal text}{bg=white}
+ \setbeamertemplate{background}{}
+ \setbeamertemplate{headline}[zih01 theme]
+ \setbeamertemplate{footline}[zih01 theme]
+}
+
+\usetheme{Dresden}
+%\useoutertheme{theme/zih01}
+%\useinnertheme{theme/zih01}
+\usepackage{theme/beamerouterthemezih01}
+\usepackage{theme/beamerinnerthemezih01}
+
+%\useinnertheme{rounded}
+\definecolor{darkblue}{rgb}{0.04, 0.16, 0.32}
+% font color for headlines etc.
+\setbeamercolor*{structure}{fg=darkblue,bg=white}
+% disable navigation symbols
+\setbeamertemplate{navigation symbols}{}
+% can't remember what this is good for
+\setbeamercovered{transparent}
+
+% reduce margin size
+\setbeamersize{text margin left=0.7cm}
+\setbeamersize{text margin right=0.7cm}
+%
+% Outer Color Theme "whale" sorgt f?r strenge farbliche Trennen zwischen Zierrat
+% und dem eigentlichen Inhalt. Ein dunkler Hintergrund f?r den Folientitel wirkt
+% aber zu aufdringlich.
+%
+\usecolortheme{orchid}
+%\setbeamercolor{titlelike}{parent=structure}
+
+%
+% Inner Color Theme "orchid" sorgt f?r farblich abgesetzt Bl?cke (Definitionen,
+% S?tze, Beispiele, Beweise, ...).
+%
+%\usecolortheme{orchid}
+
+%zum drucken
+%\usepackage{pgfpages}
+%\pgfpagesuselayout{resize to}[a4paper,border shrink=5mm,port]
+%\pgfpagesuselayout{4 on 1}[a4paper,border shrink=3mm, landscape]
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\definecolor{LightGray} {gray}{0.9}
+\definecolor{Gray} {gray}{0.5}
+\definecolor{DarkGray} {gray}{0.2}
+\definecolor{listinggray} {gray}{0.96}
+\definecolor{DarkGreen} {rgb}{0.0,0.6,0.0}
+\definecolor{DarkRed} {rgb}{0.6,0.0,0.0}
+\definecolor{DarkBlue} {rgb}{0.0,0.0,0.6}
+\definecolor{DarkCyan} {rgb}{0.7,0.7,0.2}
+\definecolor{DarkDarkGreen} {rgb}{0.0,0.4,0.0}
+
+\lstset{language=C}
+\lstset{linewidth=0.99\textwidth}
+%\lstset{boxpos=c}
+\lstset{xleftmargin=0.03\textwidth}
+%\lstset{breaklines=true}
+\lstset{framexleftmargin=0.03\textwidth}
+\lstset{abovecaptionskip=\smallskipamount}
+\lstset{belowcaptionskip=\smallskipamount}
+\lstset{basicstyle=\ttfamily\tiny}
+\lstset{backgroundcolor=\color{listinggray}}
+%\lstset{frameround=ffff}
+%\lstset{frame=shadowbox}
+%\lstset{rulesepcolor=\color{Gray}}
+\lstset{numbers=left}
+\lstset{numberstyle=\tiny \color{DarkGray}}
+\lstset{numbersep=0.01\textwidth}
+\lstset{showstringspaces=false}
+%\lstset{showspaces=false}
+\lstset{tabsize=4}
+
+%% all words in the following list are printed in bold letters in a listing
+\lstset{emph={__asm__, __volatile__, return, main,},emphstyle={\bfseries\color{DarkGray}}}
+\lstset{captionpos=b}
+
+% Style für C Sourcecode
+\lstdefinestyle{CA}{
+ language=C,
+ basicstyle=\ttfamily\scriptsize,
+ keywordstyle=\ttfamily\bfseries\color{DarkBlue},
+ stringstyle=\ttfamily\color{DarkRed},
+ commentstyle=\ttfamily\color{DarkGreen},
+ identifierstyle=\ttfamily\color{DarkCyan},
+ backgroundcolor=\color{listinggray},
+}
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\ No newline at end of file
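Review bot: In `\zihmaketitle` the colour is set with `\setbeamercolor{normaltext}{bg=darkblue}`, but the beamer colour is named `normal text` (the reset further down uses `\setbeamercolor{normal text}{bg=white}`), so the dark background for the title slide is most likely never applied; the line should read `\setbeamercolor{normal text}{bg=darkblue}%`. `\def\@@dummyComma{}` in the same macro relies on `@` being a letter, which a plain `.tex` file does not guarantee unless it is input under `\makeatletter`; without it the line redefines `\@` instead, so this is worth checking. The German comments further down have lost their umlauts (`f?r`, `Bl?cke`, `S?tze`), which points to an encoding mix-up in the committed file.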
diff --git a/nftables/Präsentation/iptables.gif b/nftables/Präsentation/iptables.gif
new file mode 100644
index 0000000..77d5623
Binary files /dev/null and b/nftables/Präsentation/iptables.gif differ
diff --git a/nftables/Präsentation/iptables.png b/nftables/Präsentation/iptables.png
new file mode 100644
index 0000000..764bbe1
Binary files /dev/null and b/nftables/Präsentation/iptables.png differ
diff --git a/nftables/Präsentation/nftables.jpg b/nftables/Präsentation/nftables.jpg
new file mode 100644
index 0000000..9f1f168
Binary files /dev/null and b/nftables/Präsentation/nftables.jpg differ