[ale] Ipchain/IpTable

[James P. Kinney III]

There are some big syntax differences between the two version. Also,
there was an ALE meeting (that I missed :(  ) where Bob Toxen discussed
the differences and, ultimately, why ipchains is, in several repsects, a
better solution that iptables. I believe there was a posting of the talk
slides on the ALE list. 

I have used iptables since it was early. There was a specific feature
that I needed (a WORKING packet marking process) that ipchains just
couldn't do at that time.

But for a basic "deny all but let in a few ports we like" firewall, both
systems will be just fine. It's not until you want to tinker with the
esoterica of packet mangling and logging and user-space packet access,
then you will need a more in-depth look at the differences. On that
note, I would point out that Rusty Russel, author of both ipchains and
iptables, has announced that iptables is the "official" process now.
Ipchains is in maintenance mode, so no new features.

On Sun, 2002-09-01 at 14:14, David Corbin wrote:
> I have a linux firewall/router that's been running the 2.2 family of 
> kernels for a long time.  For other reasons, I'm upgrading to 2.4.  It 
> appears that 2.4 supports ipchains OR iptables.  My question is, what's 
> the benefit to using iptable over ipchains?  Why should I convert?
> 
> Thanks
> David
> 
> 
> 
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
-- 
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 



 This is a digitally signed message part