Voytek wrote:
Don't know. I'm a Debian guy so not enough experience with RH and relatives, sorry. BTW - what kernel are you using? Why don't you move to iptables?
Linux 2.4.20-28.7 #1 Thu Dec 18 11:31:59 EST 2003 i686 unknown
# service iptables
ipchains and iptables can not be used together. [WARNING]
there are several good reasons why I'm not moving to iptables; the 1st one is, I don't know how....
I guess, the default install used ipchains? or, maybe I ticked a wrong
choice?
what are advantages of moving?
basically, this is web/mail/sql host, with just these services allowed

I have to admit it wasn't straightforward to find an answer. Two possible reasons
I could come up with are:
1. I suspect there is a speed advantage for iptables.
2. Get ready to move to 2.6 one day. It supports only iptables.
And finally, here is a comparison table I found: http://www.oofle.com/iptables.php?page=compare
Which looks pretty conclusive to me, two points which drew my attention:
1. Support for fragmented packets (there were various tricks used with fragmented
packets to circumnavigate around firewall rules).
2. Connection state (just looking at the "SYN" bit is not always enough).
Besides, there seems to be a plethora of GUI interfaces for iptables these days...:)
I'd be glad to hear what others think.
Does this answer your question?
Cheers,
--Amos
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
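
The connection-state point in the message above (looking only at the SYN bit versus tracking connections), as an added example that is not part of the original message: a small Python model comparing a filter that polices only connection-opening packets with one that remembers flows. The host address, the open ports and the sample packets are constructed assumptions.

```python
from collections import namedtuple

HOST = "192.0.2.10"      # constructed address of the protected host
OPEN_PORTS = {25, 80}    # assumed inbound services (mail, web)
# flags is the set of TCP flags present, e.g. {"SYN"} or {"SYN", "ACK"}
Packet = namedtuple("Packet", "src sport dst dport flags")

def is_syn_only(p):
    # Connection-opening packet: SYN set, ACK/FIN/RST clear.
    return "SYN" in p.flags and not p.flags & {"ACK", "FIN", "RST"}

def stateless_accept(p):
    # SYN-bit filtering: police only connection-opening packets and
    # let every other TCP packet through as "part of some connection".
    if p.src == HOST:
        return True
    return p.dport in OPEN_PORTS if is_syn_only(p) else True

class StatefulFilter:
    def __init__(self):
        self.flows = set()   # flows seen so far, keyed independent of direction

    def accept(self, p):
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        known = p.src == HOST or key in self.flows       # outbound or ESTABLISHED
        new = is_syn_only(p) and p.dport in OPEN_PORTS   # NEW to an allowed service
        if known or new:
            self.flows.add(key)
        return known or new                              # else: matches no flow

# Constructed traffic; all addresses are from documentation ranges.
SAMPLE = [
    Packet("198.51.100.7", 40000, HOST, 80, {"SYN"}),          # new web client
    Packet("198.51.100.7", 40000, HOST, 80, {"ACK"}),          # same flow
    Packet(HOST, 50000, "198.51.100.20", 25, {"SYN"}),         # host sends mail
    Packet("198.51.100.20", 25, HOST, 50000, {"SYN", "ACK"}),  # reply to it
    Packet("203.0.113.9", 41000, HOST, 3306, {"SYN"}),         # SYN, closed port
    Packet("203.0.113.9", 41001, HOST, 3306, {"ACK"}),         # ACK, no connection
]

def compare(packets):
    # Returns (stateless verdict, stateful verdict) per packet, in order.
    sf = StatefulFilter()
    return [(stateless_accept(p), sf.accept(p)) for p in packets]
```

Only the last sample packet is treated differently: the SYN-bit filter passes it because it is not a connection request, while the flow-tracking filter drops it because it belongs to no connection it has seen.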
