[olug] security and firewall/gateway

tetherow at nol.org tetherow at nol.org
Thu Sep 13 19:53:43 UTC 2001


On 10 Sep, Mike Peterson wrote:
> iptables and ipchains cannot be run at the same time, correct?
> One or the other must be running in the kernel, and only one.
> Is there a threshold at which you need to switch from ipchains to iptables?
> Is it above or below 25 clients sharing the same gateway?
> 

There is not a threshold where you would switch.  ipchains is a packet
filtering firewall whereas iptables is a stateful inspection firewall.
If you don't know the difference, in a nutshell, stateful inspection
allows you to filter traffic based on more than the source, dest and
port; you can use things like 'Is this packet part of an existing
connection?'  I personally feel that iptables is infinitely easier to
maintain.

Also, if you are using any form of NAT, iptables is a better solution in
my opinion (MASQ is as simple as in ipchains).
 
------------------------------------------------------------------------
Sam Tetherow                           tetherow at nol.org
Director of Development
NIC Labs (IDG)                         http://www.nicusa.com
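
The distinction drawn in the reply above, as an added example that is not part of the original post: a small Python model in which a per-packet filter and a connection-tracking filter judge the same traffic. The LAN range, packet fields and sample packets are constructed for illustration, and the stateless rule assumes the common ipchains practice of refusing only inbound SYN-only packets.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/8")  # assumed internal range behind the gateway

def inside(addr):
    return ip_address(addr) in LAN

def stateless_filter(pkt):
    """ipchains-style: judge each packet on its own header fields."""
    if inside(pkt["src"]):
        return "ACCEPT"                       # outbound traffic
    # Inbound: refuse connection attempts (SYN set, ACK clear), pass the rest
    return "DENY" if pkt["flags"] == {"SYN"} else "ACCEPT"

class StatefulFilter:
    """iptables-style: accept inbound packets only for tracked flows."""
    def __init__(self):
        self.conntrack = set()                # flows opened from inside

    def filter(self, pkt):
        if inside(pkt["src"]):
            self.conntrack.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return "ACCEPT"
        # Inbound packet must be the mirror image of a tracked flow
        reply_of = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return "ACCEPT" if reply_of in self.conntrack else "DROP"

def pkt(src, sport, dst, dport, *flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": set(flags)}

# Constructed sample traffic (documentation addresses, not captured data)
PACKETS = [
    pkt("10.0.0.5", 40000, "192.0.2.10", 80, "SYN"),          # client opens connection
    pkt("192.0.2.10", 80, "10.0.0.5", 40000, "SYN", "ACK"),   # server reply
    pkt("198.51.100.7", 80, "10.0.0.5", 40000, "ACK"),        # unsolicited ACK, no flow
    pkt("198.51.100.7", 4444, "10.0.0.5", 22, "SYN"),         # inbound connection attempt
]

def compare(packets):
    """Return (stateless, stateful) verdicts for each packet, in order."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.filter(p)) for p in packets]

if __name__ == "__main__":
    for p, (a, b) in zip(PACKETS, compare(PACKETS)):
        print(f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]} '
              f'{sorted(p["flags"])}: stateless={a} stateful={b}')
```

The third packet is where the two models disagree: the per-packet rule has no way to tell that the ACK belongs to no connection, while the tracked-flow lookup drops it.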

