Folks,

There is a reason that most commercial firewalls still seem to be running on Ip-Chains and 2.2 kernel .. It's called too complicated to automate Ip-tables ...

Francesca

On Tue, 9 Apr 2002, Francesca C Smith wrote:

> Folks,
>
> There is a reason that most commercial firewalls still seem to be running on
> Ip-Chains and 2.2 kernel .. It's called too complicated to automate Ip-tables
> ...
>

Whatever the reason is for commercial firewalls still being on 2.2, it is NOT that iptables is too complicated. Having implemented firewall products on both 2.2 and 2.4 kernels, I can say without reservation that iptables provides a much easier platform for firewall development. Shorewall's zone paradigm would be virtually impossible to implement using ipchains.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

See Linux Network Administrator's Guide, Second Edition by Olaf Kirch and Terry Dawson -- from O'Reilly. Plus there are several good how-to docs on the web.

--
Sincerely,
David Smead
http://www.amplepower.com.

On Tue, 9 Apr 2002, Gar Nelson wrote:

> Francesca C Smith wrote:
> >
> > There is a reason that most commercial firewalls still seem to be running on
> > Ip-Chains and 2.2 kernel .. It's called too complicated to automate Ip-tables
>
> Which brings up the related problem that every SysAdmin book I've picked
> up, including ones with a 2002 copyright, only talk about ipchains. I've
> yet to find a single one that addresses iptables.
>
> Gar

Francesca C Smith wrote:

> There is a reason that most commercial firewalls still seem to be running on
> Ip-Chains and 2.2 kernel .. It's called too complicated to automate Ip-tables

Which brings up the related problem that every SysAdmin book I've picked up, including ones with a 2002 copyright, only talk about ipchains. I've yet to find a single one that addresses iptables.

Gar