On Mon, Oct 07, 2002 at 07:05:14AM -0400, Joel Hammer wrote:
> ipchains and iptables are mutually exclusive.
>
> ipchains is older technology. iptables is supposed to be a big improvement
> but I use ipchains because I know how to use it and they work for my
> needs.
>
> The biggest advantage I know about for iptables is it allows much greater
> flexibility in controlling access to different ports. For example, with
> iptables you can control access to a port depending on the time of day.
> There is nothing in ipchains that allows that. With ipchains, you would have
> to write a fancy script called by hosts.allow to get that kind of
> flexibility. I would learn iptables.

It isn't the right place to discuss, but the greatest advantage of
iptables/netfilter is the "stateful injection", which means the firewall
'knows' the state of a connection. This is very easy to understand and
maintain.

Second, for the forwarding path, you don't need "in/out" rules to permit
traffic. You only need a forward rule. This is much more clear than the
ipchains approach.

There is an 'ipchains to iptables' emulation available, so you are able to
use your old scripts with the new filter, but - right - mixing is not
possible.

Frank.

-- 
Frank Matthieß [EMAIL PROTECTED]
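
The difference described in the reply above, as an added example that is not part of the original message and is not netfilter or ipchains code: a simplified Python model of a forwarding filter with per-direction header rules next to one that keeps a connection table. The addresses, the port 80 policy and all names are constructed for illustration.

```python
from typing import NamedTuple

LAN = "192.168.1."  # constructed internal network prefix (assumption)

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for a connection-opening TCP packet

def stateless_forward(pkt):
    """Per-direction rules that judge each packet on its header fields alone."""
    if pkt.src.startswith(LAN) and pkt.dport == 80:
        return "ACCEPT"  # "out" rule: web request leaving the LAN
    if pkt.dst.startswith(LAN) and pkt.sport == 80 and not pkt.syn:
        return "ACCEPT"  # "in" rule: anything that looks like a web reply
    return "DROP"

class StatefulForward:
    """One forward policy backed by a table of connections already seen."""
    def __init__(self):
        self.conntrack = set()

    def forward(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conntrack or reply_of in self.conntrack:
            return "ACCEPT"  # belongs to a tracked connection
        if pkt.syn and pkt.src.startswith(LAN) and pkt.dport == 80:
            self.conntrack.add(key)  # new connection permitted by policy
            return "ACCEPT"
        return "DROP"  # no tracked connection and not an allowed new one

def demo():
    # Constructed sample traffic: a request, its reply, and a packet that
    # only resembles a reply (no LAN host ever opened that connection).
    syn = Packet("192.168.1.10", 40000, "203.0.113.5", 80, syn=True)
    reply = Packet("203.0.113.5", 80, "192.168.1.10", 40000)
    unsolicited = Packet("198.51.100.9", 80, "192.168.1.20", 5000)
    fw = StatefulForward()
    return {
        "stateless": [stateless_forward(p) for p in (syn, reply, unsolicited)],
        "stateful": [fw.forward(p) for p in (syn, reply, unsolicited)],
    }
```

The stateless filter needs two rules and still forwards the unsolicited packet because its headers match the "in" rule; the stateful filter needs one policy and drops it because no tracked connection matches.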
