> ipchains is a simple packet filter. it looks at per packet header
> information and passes that through the ruleset for analysis and whether
> it gets forwarded or not.
>
> there is no 'keeping of header info' unlike iptables which is stateful.

Thanks for the help. I think this must be right. However, can you explain the mechanism that allows a PC on the private LAN to do DNS, HTTP, etc. through an SSH-only ipchains firewall??? There *must* be *some* mechanism to allow return packets of an existing TCP connection to bypass the firewall!

CS
