> iptables/netfilter for the 2.4 linux kernel series has some unsolved
> (yet) problems. Suggest you to take a look at the OpenBSD's Packet
> Filter and/or FreeBSD IPFilter. Both easier and more powerful.
What unresolved problems are you referring to? While I'll agree that IPFilter is more mature than iptables/netfilter, OpenBSD's new packet filter is just that, new. In fact, it's newer than iptables/netfilter. Don't get me wrong, I'm not saying it's bad by any means, it just doesn't have the maturity of IPFilter, or even iptables/netfilter for that matter. They may run into some problems just like iptables has.

Saying that pf/ipf are easier is your opinion. I find iptables easier to use because I find it easier to customize via scripting. I still use IPFilter on several machines. I like using two different packet filtering packages. How many banks use the same key for every door? (translation: if a bug is found in netfilter/iptables or IPFilter, you have the other one to back it up)

I'm not certain about IPF/PF being more powerful than iptables. I haven't compared them feature for feature, so I don't know for sure (if that is what you mean by more powerful). I do know that pf has some nifty new features not found in IPFilter or iptables, but I haven't looked into them in-depth yet.

Steve Bremer