ipchains too old?

From: cam (camccuk@yahoo.com)
Date: 06/06/02

From: camccuk@yahoo.com (cam)
Date: 6 Jun 2002 10:20:57 -0700

Hello all,

I am using a RedHat 6.2 machine running a 2.2.19 kernel since we have
to support various legacy packages. The machine is fully up to date
with all the errata rpms. I would now like to put a firewall in place
before we put it onto our VPN for enterprise-wide access. It runs a
CVS server, ApacheJserv, sshd and qmail - most other services have
been disabled apart from some that are required such as rpc. A nessus
scan of the machine now shows only false positives.

I realise that there is probably not a lot more I can do apart from
getting a firewall in place and setting up snort or some other NIDS to
keep an eye on it. My question is whether ipchains is still valuable or is it
simply too old to bother with? I have to stick with the 2.2 kernel so
AFAIK iptables is not an option - I'm just concerned that the ipchains
howto is dated 2000 (this might as well be BC in security terms). On
the other hand, running *any* firewall would make me feel safer about
running rpc and would also allow me to expose some samba shares to our
local developers.

I would also be interested in any other comments on this setup.