Re: IPF/IPTable/??

• Previous message: bda: "Re: ridiculous situation"
• In reply to: ALBEE,RUSSELL. S FC2 (CV63 CS5): "IPF/IPTable/??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 28 Nov 2002 15:40:29 -0700
From: Brad Arlt <arlt@cpsc.ucalgary.ca>
To: "ALBEE,RUSSELL. S FC2 (CV63 CS5)" <ALBEER@kitty-hawk.navy.mil>

On Thu, Nov 28, 2002 at 06:02:42AM +0900, ALBEE,RUSSELL. S FC2 (CV63 CS5) wrote:
> Which *NIX firewall software is the best to use in terms of sercurity and
> reliability? IPF? IPChains? IPTables?

I consider Chains, Table, and Filter en par for stability.

Chains might be a little more stable, but how many 9s does one really
need? Chains doesn't protect your network as well as Tables, so while
IPChains might keep your firewall running longer. It might not keep
your network running longer, which is after all what your firewall is
supposed to do.

If you really mean "IPF" (circa Linux 2.0 kernel), and not IP Filters,
doen't use it.

The speed, flexablity, and statefulness of IP Tables (netfilter), make
it the best choice.

If you don't know what I am talking about when I say a 9, then you
want IPTables. And you want to read more about all three so you can
an informed decision on the merits of each, rather than the
preferences of the masses.
-----------------------------------------------------------------------
   __o Bradley Arlt Security Team Lead
 _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
(_)/(_) I should be biking right now. Computer Science

• Next message: nee cee: "Re: Blocking personal email"
• Previous message: bda: "Re: ridiculous situation"
• In reply to: ALBEE,RUSSELL. S FC2 (CV63 CS5): "IPF/IPTable/??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]