Devon & Cornwall Linux Users' Group


RE: [LUG] ipchains, iptables or what



On 26-Mar-01 at 12:04:36 Alex Charrett wrote:
> I'd never heard of iproute2 until just then.
> 
From the 2.4.2 kernel Changes file:

  The IP firewalling and NAT code has been replaced again.  The new
  netfilter software (including ipfwadm and ipchains backwards-
  compatible modules) is currently distributed separately.

  If you have advanced network configuration needs, you should probably
  consider using the network tools from ip-route2.

------------------

My 'worry' here is that although I do not have 'advanced network
configuration needs', knowing my luck I'd use iptables only to find that
everyone else used ip-route2 and that it (ip-route2) was then to become the
recommended firewalling util. You get the drift.

Really I only need this stuff for some packet filtering so that the people
at work are happy that my PC is secure. Ipchains was easy enough to set up
for the services I do use, so I thought 'upgrading' should not be too much
of a problem.

> I'm not *too* sure what it does yet, but
> http://www.braindump.dk/en/wiki/?wikipage=PolicyRouting
> 
> seems to indicate that you would use iproute2 in conjunction with
> iptables.
> 
Quite possible (although a little vague - or perhaps I'm just reading it
wrong), and it does mention them as 'tools' above rather than a complete
firewall/NAT/masquerading/etc system. Awful web page by the way!

> I do however, reserve the right to be completely wrong :)
> 
Yes, but we won't tell anyone if you are :-)

On 26-Mar-01 at 12:36:35 Peter Hatton wrote:
> This is worth a read on the new stuff in iptables.
> 
> http://securityportal.com/cover/coverstory20010122.html
> 
Thanks.

On 26-Mar-01 at 12:17:38 Jon Still wrote:
> Gah...
> 
> Install OpenBSD and use ipfilter :-)
>
Hmm...you don't see this as overkill then? :-)

> http://coombs.anu.edu.au/~avalon/ip-filter.html
> http://www.obfuscation.org/ipf/
>
> Oh, and ipf is cross-platform too.  OpenBSD, FreeBSD, NetBSD, Solaris,
> SunOS, BSD/OS, IRIX, HP-UX, etc etc etc.
>
Thanks for this. I'll certainly read through the references people have
supplied.

Thanks,

John.

------------------------------------------------------------------------
John Horne, University of Plymouth, UK           Tel: +44 (0)1752 233914
E-mail: jhorne at plymouth.ac.uk
PGP key available from public key servers
--
lug-list - The Mailing List for the Devon & Cornwall LUG