Indunil Jayasooriya
2007-Feb-07 06:05 UTC
[CentOS] What is the diffrence between port filtering and packet filtering ?
Hi all, I want to set up a firewall on CentOS 4.4. I wnat to know the diiffrence between port filtering and packet filtering ? Can iptables do both? Is there another pkg better than this? if so, pls let me know. The purpose of this is to setup a firewall for production use. -- Thank you Indunil Jayasooriya -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070207/5472033b/attachment.html>
John R Pierce
2007-Feb-07 06:49 UTC
[CentOS] What is the diffrence between port filtering and packet filtering ?
Indunil Jayasooriya wrote:> Hi all, > > I want to set up a firewall on CentOS 4.4. > > I wnat to know the diiffrence between port filtering and packet > filtering ? > > Can iptables do both? > > Is there another pkg better than this? if so, pls let me know. > > The purpose of this is to setup a firewall for production use.centos is a general purpose server-oriented distribution... while it has firewalling capabilities, properly configuring it as a good production firewall would require a thorough knowlege of internet security, network protocols, firewall rules in general, and iptables in specific. iptables can do almost anything imaginable if you can figure out how to specify the rules, but it doesn't do anything at all until you configure it. you might be better off with a purpose built firewall distribution such as ipcop or pfsense or smoothwall
mouss
2007-Feb-07 22:39 UTC
[CentOS] What is the diffrence between port filtering and packet filtering ?
Indunil Jayasooriya wrote:> Hi all, > > I want to set up a firewall on CentOS 4.4. > > I wnat to know the diiffrence between port filtering and packet > filtering ?useless terminology. only marketeers insist on this. most firewalls nowadays do all kind of filtering. I guess the meaning would be: - port filtering: block/open TCP/UDP ports - packet filtering: block/open based on IP addresses, IP protocol, ports, ... etc.> > Can iptables do both?yes.> > Is there another pkg better than this? if so, pls let me know. > > The purpose of this is to setup a firewall for production use. >depends on your situation. if you don't have performance issues and no special configuration needs, then a low end commercial firewall would be enough. otherwise, you need to take the time to learn iptables, or find someone to help you build your firewall. there are guis available. google is your friend. one that comes to mind now is fwbuilder.