Firewall Wizards mailing list archives

Re: ipfwadm X ipchains

From: Danny Rathjens <dkr () corp vcn net>
Date: Wed, 15 Sep 1999 15:08:03 +0000

fgb () domain com br wrote:


Hi wizards,

Somebody can show me the advantages in migrating from ipfwadm to ipchains ?
Are the ipfwadm/ipchains a secure firewall or should I look for a commercial one ?

The difference is primarily the kernel code.  Those tools are just the interfaces
to that code.  Although ipchains and the whole chains concept makes things a
bit easier to conceptualize, IMHO.

From the ipchains how-to at http://www.rustcorp.com/linux/ipchains/HOWTO.html


1.2 Why? 

The older Linux firewalling code doesn't deal with fragments, has 32-bit counters
(on Intel at least), doesn't allow specification of protocols other than TCP, UDP
or ICMP, can't make large changes atomically, can't specify inverse rules, has
some quirks, and can be tough to manage (making it prone to user error). 

Official ipchains page:
http://www.rustcorp.com/linux/ipchains
-- 
Danny Rathjens  Programmer/Analyst  \/irtual Community |\|etwork
"I wake to sleep and take my waking slow.  
I learn by going where I have to go."  -- Roethke

Current thread:

ipfwadm X ipchains fgb (Sep 14)
- Re: ipfwadm X ipchains Jan van Rensburg (Sep 18)
  - Re: ipfwadm X ipchains Siglite (Sep 21)
- Re: ipfwadm X ipchains Danny Rathjens (Sep 18)
- Re: ipfwadm X ipchains altellez (Sep 21)
- <Possible follow-ups>
- Re: ipfwadm X ipchains dwelch (Sep 18)
  - Re: ipfwadm X ipchains William Stearns (Sep 19)
- Re: ipfwadm X ipchains dwelch (Sep 21)
  - Re: ipfwadm X ipchains William Stearns (Sep 21)