Neither ipchains nor iptables are - themselves - stateful. Both provide add-on modules which perform the stateful stuff. Iptables has better integration with the modules that DO the stateful tracking (check the ipt_conntrack_ stuff).
The real difference? ipchains has a convoluted path - that is an packet coming into the box can traverse two of the major "chains", input and forward, or only one - depending upon it's destination. Under iptables, each table serves a specific purpose. That is: INPUT is ONLY for packets destined for processes running on the box FORWARD is only for packets forwarded by the box and OUTPUT is only for packets generated by processed running on the box. Iptables also has the PREROUTING and POSTROUTING tables, part of -t mangle (vs. -t filter) Between the five, you can choose to apply the same rules for input and forward, but you are not required - simply, you have more control. Check this http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.ht ml as a quick and dirty -----Burton -----Original Message----- From: monk [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 1:15 PM To: [EMAIL PROTECTED] Subject: Re: Help with ipchains No flames, please... But a question. I have used ipchains for quite some time, but have never used iptables(just started to dig in today). I read somewhere that iptables in not actually stateful, that it just looks at some specifics of the packet, but that is it. I am a little confused at what I have read, and what I hear here. Someone lend a hand? Meanwhile, I'll keep reading the iptables how-to info...Thanks.
