Re: [fw-wiz] IPChains vs. IPTables

From: Patrick Darden (darden@armc.org)
Date: 07/24/02


From: Patrick Darden <darden@armc.org>
To: Marc DVer <mdver@whiteeagletox.com>
Date: Wed Jul 24 11:41:01 2002

IPTables allows content inspection (making sure port 80 traffic is web, 21
is ftp, etc.), making it a little better than a mere packet filter.
Truthfully, though, with tunnelling, if you don't have tight access lists
then allowing any protocol access is just as secure via packet filtering
as packet inspection. Loki uses icmp; then there's ssl tunneling, ssh,
and hosts of others....

--
--Patrick Darden                Internetworking Manager             
--                              706.475.3312    darden@armc.org
--                              Athens Regional Medical Center

On Wed, 24 Jul 2002, Marc DVer wrote:
> Someone suggested that I use IPTables instead of IPchains, as IPTables is
> more robust.  Is IPTables more secure for a given set of rules?
> 
> The rules for IPChains I use can be found at
> http://members.cavtel.net/mdver/start_firewall .  This is easier than trying
> to explain what I am trying to accomplish.
> 
> I am using RedHat 7.1 for a gateway/firewall.
> 
> I am also looking for an online IPTables for Dummies reference, in case
> IPTables is indeed superior to IPChains.
> 
> Sincerely,
> Marc DVer
> 
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
> 
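
An added illustration, not part of the original message and not iptables code: the difference between a port-only verdict and a check that the first payload bytes match the protocol expected on that port. The policy table, function names and payloads are assumptions constructed for this example.

```python
import re

# Expected application protocol per allowed port (assumed policy for this example).
EXPECTED = {80: "http", 21: "ftp"}

# Signatures for the first bytes seen on a connection.
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("ftp", re.compile(rb"^220[ -]")),               # FTP server greeting
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-")),         # SSH identification string
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]")),   # TLS handshake record header
]

def port_filter(dport):
    """Static packet filter: the verdict depends on the destination port only."""
    return "ACCEPT" if dport in EXPECTED else "DROP"

def classify(first_bytes):
    """Label a payload by its leading bytes, or return 'unknown'."""
    for label, pattern in SIGNATURES:
        if pattern.match(first_bytes):
            return label
    return "unknown"

def content_check(dport, first_bytes):
    """Accept only if the payload matches the protocol expected on the port."""
    if dport not in EXPECTED:
        return "DROP"
    seen = classify(first_bytes)
    return "ACCEPT" if seen == EXPECTED[dport] else f"FLAG:{seen}-on-{dport}"

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    (80, b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    (21, b"220 ftp.example.test ready\r\n"),
    (80, b"SSH-2.0-example_1.0\r\n"),
    (80, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"),
    (23, b"login: "),
]

def compare(samples=SAMPLES):
    """Return (port, port-only verdict, content-check verdict) per sample."""
    return [(p, port_filter(p), content_check(p, d)) for p, d in samples]

if __name__ == "__main__":
    for port, static, inspected in compare():
        print(f"dport={port:<3} port-only={static:<6} content-check={inspected}")
```

A payload that passes this check only proves the outer protocol; anything carried inside valid HTTP or inside TLS is not examined, which is the tunnelling caveat raised in the reply.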

