On Thu, Jul 05, 2001 at 11:18:35AM +1000, Crossfire ([EMAIL PROTECTED]) wrote:
> Booth, Christopher (Aus) - ATP was once rumoured to have said:
[snip]
> For firewalling, first learn about the IP protocol. TCP/IP
> Illustrated by W.R. Stevens is still the best reference on the
> protocol. Then you should start learning about how packet filters
> work, and then you should start working out how to use packet filters
> to limit communications. I recommend starting with ipf or ipchains,
> and only switching to iptables once you've gotten used to using
> ipchains.
What you said at the start is perfect, yet I disagree with what you said
about ipchains/iptables (or gosh, does this end up in a discussion aka
learn Pascal first then learn C ??? hehehehehe).

IMHO ipchains teaches you "wrong things", e.g. the way packets flow.

* Iptables has routing built in, which makes a decision where
  packets go, not interfering with the input chain.
* In iptables the log target is better than the log rule.
* Iptables has the reject target with rules how to reject (ICMP),
  which is non-existent in ipchains.

I would go straight to iptables, skipping ipchains.

When I started using iptables I had a few questions, amongst them
"why have two similar packages". Rusty (the maker of ipchains) answered
that ipchains will be phased out; if you already have ipchains you
can stick with it for a while, but if you're new, go with iptables.

jobst

PS: (I went straight to C ;-)), skipping Pascal)
--
Goldwaithe's lemma of Murphy's third law: The line in which you are waiting is always
the slowest. If you move, the line you move to stops. If you move back, both lines
stop, and everyone is angry with you.
| __, Jobst Schmalenbach, [EMAIL PROTECTED], Technical Director|
| _ _.--'-n_/ Barrett Consulting Group P/L & The Meditation Room P/L |
|-(_)------(_)= +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia|
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug