Jobst Schmalenbach was once rumoured to have said:
> On Thu, Jul 05, 2001 at 11:18:35AM +1000, Crossfire ([EMAIL PROTECTED]) wrote:
> > For firewalling, first learn about the IP protocol. TCP/IP
> > Illustrated by W.R. Stevens is still the best reference on the
> > protocol. Then you should start learning about how packet filters
> > work, and then you should start working out how to use packet filters
> > to limit communications. I recommend starting with ipf or ipchains,
> > and only switching to iptables once you've gotten used to using
> > ipchains.
>
> What you said at the start is perfect, yet I disagree with what you said
> about ipchains/iptables (or gosh does this end up in a discussion aka
> learn pascal first then learn C ??? hehehehehe).
>
> IMHO ipchains teaches you "wrong things" e.g. the way packets flow.
> * Iptables has routing built in which makes a decision where
>   packets go not interfering with the input chain.
> * In iptables the log target is better than the log rule.
> * Iptables has the reject target with rules how to reject (icmp)
>   which is non-existent in ipchains.

Then use ipf which does do things that way.

iptables is bad for people serious about learning because they'll use
the stateful rules and not learn about what's going on. If you're
serious about doing anything in this field, you need to understand how
to filter statelessly, since the majority of packet filters work in
that manner.

i.e.: hard path first, then you can be lazy.

C.
--
--==============================================--
Crossfire | This email was brought to you
[EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
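
Added example, not part of the original thread: a toy Python model of the stateless versus stateful filtering the messages above argue about. It is not ipf, ipchains or iptables syntax; the addresses, ports, rule set and function names are all constructed for illustration.

```python
# Added illustration: toy model, not ipf/ipchains/iptables syntax or behaviour.
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport flags")
HOST = "192.0.2.10"  # constructed address (documentation range)

def stateless_filter(pkt):
    """First matching rule wins; each packet is judged on its own headers."""
    # Rule 1: allow any outbound TCP from this host.
    if pkt.direction == "out" and pkt.src == HOST:
        return "accept"
    # Rule 2: allow inbound TCP to ephemeral ports unless it is a bare SYN
    # (a new connection attempt). Replies are admitted without keeping state.
    if (pkt.direction == "in" and pkt.dst == HOST and pkt.dport >= 1024
            and not ("SYN" in pkt.flags and "ACK" not in pkt.flags)):
        return "accept"
    return "drop"  # default policy

class StatefulFilter:
    """Admits inbound packets only for connections this host opened."""
    def __init__(self):
        self.connections = set()
    def check(self, pkt):
        if pkt.direction == "out" and pkt.src == HOST:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        # Inbound: reverse the tuple and look for a tracked connection.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "accept"
        return "drop"

def run(packets):
    """Return [(stateless verdict, stateful verdict)] for a packet sequence."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.check(p)) for p in packets]

# Constructed sample traffic.
SAMPLE = [
    Packet("out", HOST, 40000, "198.51.100.5", 80, {"SYN"}),        # we connect
    Packet("in", "198.51.100.5", 80, HOST, 40000, {"SYN", "ACK"}),  # its reply
    Packet("in", "203.0.113.9", 80, HOST, 40001, {"SYN"}),          # new inbound
    Packet("in", "203.0.113.9", 80, HOST, 40001, {"ACK"}),          # no prior SYN
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, run(SAMPLE)):
        print(pkt.direction, sorted(pkt.flags), verdicts)
```

The last sample packet is where the two models differ: the stateless rule has only the header flags to go on, so whoever writes it has to know exactly which segments a "not a bare SYN" match lets through.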