Re: [fw-wiz] IPChains vs. IPTables

From: Nimesh Vakharia (nvakhari@clio.rad.sunysb.edu)
Date: 07/29/02


From: Nimesh Vakharia <nvakhari@clio.rad.sunysb.edu>
To: Volker Tanger <volker.tanger@discon.de>
Date: Mon Jul 29 16:31:21 2002

Anyone ever use the content inspection in iptables? Maintaining the
application state (given the total number of applications and complexity of
each) to make decisions based on the application state transitions as
defined per RFC can be pretty tricky. If it actually works, this could be
developed into a nice protocol anomaly engine. Anyone have pointers or
documentation for this?

On Thu, 25 Jul 2002, Volker Tanger wrote:

> Greetings!
>
> Josh Welch wrote:
> > From: "Patrick Darden" <darden@armc.org>
> > >
> > > IPTables allow content inspection (making sure port 80 traffic is
> > > web, 21 is ftp, etc.), making it a little better than a mere packet
> > > filter.
> > > Truthfully, though, with tunnelling, if you don't have tight access
> > > lists then allowing any protocol access is just as secure via
> > > packet filtering as packet inspection. Loki uses icmp;
> > > then there's ssl tunneling, ssh, and hosts of others....
> > >
> >
> > IPTables does not, to my understanding, do content inspection. It does
> > state inspection, which IPChains does not, but does not check content. How
> > would you check content with IPTables?
>
> There are some first (pre-alpha) patches for IPtables (2.5 kernel) that
> lay a foundation for packet data inspection. The "normal" IPtables only
> is a stateful (not inspection) packet filter, whereas IPchains only is a
> static (dumb) packet filter. For a detailed overview see
> http://www.wyae.de/secure_gateway/gateways.html
>
> Bye
>
> Volker Tanger
> IT-Security Consulting
>
> --
> discon gmbh
> Wrangelstraße 100
> D-10997 Berlin
>
> fon +49 30 6104-3307
> fax +49 30 6104-3461
>
> volker.tanger@discon.de
> http://www.discon.de/
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
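The distinction Volker draws above (iptables as a stateful filter, ipchains as a static one, neither looking at payload) is modelled below in an added example that is not part of the thread: a static filter that must admit any inbound packet lacking a bare SYN so that replies get back in, beside a connection-tracking filter that only admits inbound packets belonging to a connection opened from inside. Addresses and ports in the sample traffic are constructed, and the rule lines in the docstrings are the equivalent ipchains/iptables (2.4-era `-m state`) syntax, not code from the page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = from protected host, "in" = from the Internet
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool

def static_filter(pkt):
    """ipchains-style decision with no memory of earlier packets, equivalent to:
         ipchains -A output -p tcp -j ACCEPT
         ipchains -A input  -p tcp ! -y -j ACCEPT   # accept unless SYN-only
         ipchains -P input DENY
    Replies get in only because anything without a bare SYN is assumed to be one."""
    if pkt.direction == "out":
        return "ACCEPT"
    if pkt.syn and not pkt.ack:
        return "DENY"
    return "ACCEPT"   # an unsolicited ACK-flagged packet also passes here

class StatefulFilter:
    """iptables-style decision backed by a connection table, equivalent to:
         iptables -A OUTPUT -p tcp --syn -m state --state NEW -j ACCEPT
         iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
         iptables -P INPUT DROP
    Still header-only: payload is never examined."""
    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, remote_ip, remote_port)

    def decide(self, pkt):
        if pkt.direction == "out":
            if pkt.syn and not pkt.ack:            # NEW connection from inside
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if key in self.table else "DROP"   # ESTABLISHED or not

def compare(packets):
    """Return (static, stateful) verdicts for each packet, in order."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.decide(p)) for p in packets]

# Constructed traffic: inside host opens a web connection and gets the SYN-ACK back,
# then an unrelated outside host sends an unsolicited ACK-flagged packet to port 22.
TRAFFIC = [
    Packet("out", "10.0.0.5", 40000, "192.0.2.10", 80, syn=True, ack=False),
    Packet("in", "192.0.2.10", 80, "10.0.0.5", 40000, syn=True, ack=True),
    Packet("in", "198.51.100.7", 1234, "10.0.0.5", 22, syn=False, ack=True),
]
```

Only the third packet separates the two: the static filter lets it through, the stateful one drops it because no tracked connection matches.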
