Firewall Wizards mailing list archives
Re: IPChains vs. IPTables
From: Volker Tanger <volker.tanger () discon de>
Date: Thu, 25 Jul 2002 09:21:58 +0200
Greetings!

Josh Welch wrote:
> From: "Patrick Darden" <darden () armc org>
>> IPTables allow content inspection (making sure port 80 traffic is
>> web, 21 is ftp, etc.), making it a little better than a mere packet
>> filter.
>> Truthfully, though, with tunnelling, if you don't have tight access
>> lists then allowing any protocol access is just as secure via
>> packet filtering as packet inspection. Loki uses icmp;
>> then there's ssl tunneling, ssh, and hosts of others....
>
> IPTables does not, to my understanding, do content inspection. It does
> state inspection, which IPChains does not, but does not check content.
> How would you check content with IPTables?

There are some first (pre-alpha) patches for IPtables (2.5 kernel) that lay a foundation for packet data inspection. The "normal" IPtables is only a stateful (not inspection) packet filter, whereas IPchains is only a static (dumb) packet filter. For a detailed overview see

http://www.wyae.de/secure_gateway/gateways.html

Bye

Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon +49 30 6104-3307
fax +49 30 6104-3461
volker.tanger () discon de
http://www.discon.de/
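
The static versus stateful distinction drawn in the message above, as an added example that is not part of the original post and is not netfilter code: a toy Python model run over constructed packets. The rule sets, class names and function names are assumptions; neither filter reads the payload, which is why neither counts as content inspection.

```python
# Constructed model: an ipchains-style static rule set versus an
# iptables-style stateful one, applied to the same three packets.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}
    inbound: bool      # True = arriving from the outside network

def static_filter(p):
    """Judge each packet alone, as a static filter does."""
    if not p.inbound:
        return p.dport == 80                      # LAN may open web connections
    # "Replies": anything from port 80 to a high port that is not a bare SYN.
    syn_only = "SYN" in p.flags and "ACK" not in p.flags
    return p.sport == 80 and p.dport >= 1024 and not syn_only

class StatefulFilter:
    """Remember outbound connections, like a state match on ESTABLISHED."""
    def __init__(self):
        self.conns = set()

    def check(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if not p.inbound:
            if p.dport == 80 and p.flags == {"SYN"}:
                self.conns.add(key)               # new tracked connection
                return True
            return key in self.conns
        # Inbound passes only as the reverse direction of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.conns

def run(packets):
    """Return (static verdict, stateful verdict) for each packet in order."""
    sf = StatefulFilter()
    return [(static_filter(p), sf.check(p)) for p in packets]

F = frozenset
SAMPLE = [  # constructed packets; addresses are documentation ranges
    Packet("192.0.2.10", 40000, "198.51.100.5", 80, F({"SYN"}), False),
    Packet("198.51.100.5", 80, "192.0.2.10", 40000, F({"SYN", "ACK"}), True),
    Packet("203.0.113.9", 80, "192.0.2.10", 40001, F({"ACK"}), True),  # no matching connection
]

if __name__ == "__main__":
    for pkt, (static_ok, stateful_ok) in zip(SAMPLE, run(SAMPLE)):
        print(pkt.src, "->", pkt.dst, "static:", static_ok, "stateful:", stateful_ok)
```

The third packet belongs to no connection the LAN host opened: the static rule accepts it on ports and flags alone, while the stateful filter drops it.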