[NCLUG] Newbie

J. Paul Reed preed at sigkill.com
Thu Jul 19 05:45:29 MDT 2001


On Wed, 18 Jul 2001 densign at danedesign.tv wrote:

> Is IPChains a decent firewall? Any suggestions?

Sean would probably have more info, as tummy.com works on the wonderful
IsinGlass product (http://www.tummy.com/isinglass/) and they do firewalls.

ipchains is an ok firewall; it will probably do the job just fine if you're
securing one box itself on the Internet, or if you're trying to get a
masquerade box to protect your home network.

However, if you're looking for a "real" firewall, or rather a firewall with
the features you'd expect out of the BSD world, I would tell you to take a
look at iptables, the 2.4 kernel's firewalling method.

iptables supports stateful firewalling, and as a general rule has a more
thought-out design to implement packet mangling, firewalling, and packet
handling in general.

It definitely puts Linux on par with BSD's networking capabilities and is
the future as far as Linux firewalls are concerned; now, I wouldn't even
consider using ipchains for a firewall I might be building for a company.

Later,
Paul
  ----------------------------------------------------------------------
  J. Paul Reed                preed at sigkill.com || web.sigkill.com/preed
  Homer no function beer well without.  -- H. Simpson, "The Joy of Sect"





More information about the NCLUG mailing list