D&C Lug - Home Page
Devon & Cornwall Linux Users' Group
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [LUG] ipchains, iptables or what

Gah...

Install OpenBSD and use ipfilter :-)

Seriously - despite the fact that this is a LUG list, ipf under OpenBSD is far
better than the *old* Linux firewalling code (ipchains et al).  I dunno how it
compares to iptables, but for example, ipf allows *true* NAT, both static and
dynamic, PAT (a better version of the so-called IP-Masquerade) and also allows
true stateful firewalling.

Now, I know that iptables does proper stateful firewalling now, but then again
OpenBSD has been *well* audited for security holes and doesn't come with all the
crap that comes with most linux distros.  Remember, in security terms, the less
you have on a system, the better.

http://coombs.anu.edu.au/~avalon/ip-filter.html
http://www.obfuscation.org/ipf/

Oh, and ipf is cross-platform too.  OpenBSD, FreeBSD, NetBSD, Solaris, SunOS,
BSD/OS, IRIX, HP-UX, etc etc etc.

Anyway, that's my bit of technology religion done for the day!  Time for
lunch... :-)

J.

--
Jon Still                               E-mail: jon at termisoc.org
System Administrator                    Web:    http://www.termisoc.org/~jon/
TermiSoc - UPSU Computing Society       Tel:    +44 (0)7977 066087

--
lug-list - The Mailing List for the Devon & Cornwall LUG
Mail majordomo at lists.termisoc.org with "unsubscribe lug-list" in the
message body to unsubscribe.
Lynx friendly