On Sun, Dec 30, 2001 at 06:06:06PM +0100, Michael Gegerfelt wrote:
> I would like to add to that question. I don't believe that you can
> use both of them at the same time because it is two different types
> of firewalls. However, my question is which of them is the better one
> to use? Are there any drawbacks by using one or the other?

Well, I may be a little off on this, so please correct me if I'm wrong. All I'm writing is based on a presentation I watched with one of the Netfilter developers (Harald).

If you are using Linux Kernel 2.4, it doesn't matter if you are using ipchains or iptables. What you are really using is the Netfilter code. The ipchains and iptables codes are just hooks on the Netfilter code. So, although the command syntax is the same, the ipchains code changed.

Keeping that in mind, you notice that ipchains only has 3 hooks, while iptables has 6 hooks (3 on the regular table, and 3 on the nat table). You also have to consider that iptables provides stateful packet inspection.

All in all, iptables will provide you with a much better interface to the Netfilter code. And if you are worried about some bug in the code, just keep in mind that the code is the same. You only use different hooks. So a bug in the code would affect both interfaces.

All that said, you should definitely use iptables.

--
Rodrigo Barbosa - rodrigob at tisbrasil.com.br
TIS - Belo Horizonte, MG, Brazil
"Quis custodiet ipsos custodiet?" - http://www.tisbrasil.com.br/