A couple of weeks ago, I gave a 2H workshop at Fosscon Philadelphia on Advanced Netfilter features. The workshop went well, and I will probably do it again. In the meantime, I posted the slides below. There is a video too, but the quality isn't great, and filming a workshop isn't as good as I hoped it would be.

The goal of the workshop is to demonstrate how netfilter, iptables, ipset and other tools available in Linux, can be used to build complex firewall policies for dynamic environments. I mentionned, at the end, some of the work i've done with Chef and the AFW cookbook. It's good stuff, so check it out.