On Tue, 26 Jan 1999, Henrique Pantarotto wrote:
> At 18:53 26/01/99 -0200, Juan Carlos Castro y Castro wrote:
> >What's the difference between ipfwadm and ipchains? Don't they all
> >simply manipulate kernel parameters or something like that? Is there any
> >advantage of using one instead of other? My kernel is 2.0.36.
>
> Hello Juan!
>
> They do the same thing (they are both firewalls). I'm not an expert, but
> people tell that ipchains in much better. Besides that, ipfwadm will no
> longer work with newer kernels, so you *must* start using ipchains sooner
> or later.
hi :-)
just some of them
an important issue IMHO could be the deal of fragments (the old
firewalling code dosen't)
ipchains is also easier to manage and with it you can specify inverse
rules
but not only... below there'is a little list of other new feature
TOS manipulations are now sanity-checked
Arbitrary chains are supported
Arbitrary protocols over IP can be tested
Counters are now 64-bit on 32-bit machines, not 32-bit
ICMP codes are now supported
Wildcard interfaces are now supported
for more information look at the ipchains-howto written by Paul Russell
(http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html)
ciao
alfonso
>
> For ipchains to work, you need to apply a patch to your 2.0.36 kernel
> source tree. Newer kernels comes with ipchains for you.
>
> Hope I helped you a little.
>
>
> Regards from Brazil,
>
> Henrique Pantarotto
> Coord. Técnico Operacional
> CEPAnet Internet Provider
> Web: http://www.cepa.com.br
> Tel. suporte: (011) 5506-8477
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
>
--
Alfonso De Gregorio sysadmin/pluto member
SPEED s.r.l. Phone: +39-0872-988001
P.zza Roma, 27 Fax: +39-0872-988252
66010 Gessopalena (Chieti) e-mail: [EMAIL PROTECTED]
ITALY nick: fhex (#linux-it IRCNet)
"Software is like sex; it's better when it's free" - Linus Torvalds -
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
