LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/IP-Masquerade-HOWTO/iptables-vs-ipchains-vs-ipf...

216 lines
3.6 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>( IPTABLES vs. IPCHAINS vs. IPFWADM ) - Why do the 2.4.x, 2.2.x,
and 2.0.x kernels use different firewall systems?</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linux IP Masquerade HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Frequently Asked Questions"
HREF="faq.html"><LINK
REL="PREVIOUS"
TITLE="( IPCHAINS rulesets on 2.4.x kernels ) - What the ipchains.o module can
do on 2.4.x kernels"
HREF="ipchains-on-2.4.x.html"><LINK
REL="NEXT"
TITLE="( Upgrades ) - I've just upgraded to the x.y.z kernel, why isn't IP
Masquerade working?"
HREF="upgrades.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux IP Masquerade HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="ipchains-on-2.4.x.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 7. Frequently Asked Questions</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="upgrades.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="IPTABLES-VS-IPCHAINS-VS-IPFWADM"
></A
>7.41. ( IPTABLES vs. IPCHAINS vs. IPFWADM ) - Why do the 2.4.x, 2.2.x,
and 2.0.x kernels use different firewall systems?</H1
><P
>IPTABLES supports the following features that IPCHAINS and IPFWADM doesn't:</P
><P
>&#13;<P
></P
><UL
><LI
><P
> Stateful IPv4 protocol and application tracking
</P
></LI
><LI
><P
> Stateful IPv6 protocol tracking
</P
></LI
><LI
><P
> True 1:1 and 1:Many NAT
</P
></LI
><LI
><P
> Built-in PORTFW functionality
</P
></LI
><LI
><P
> See the <A
HREF="kernel-2.4.x-requirements.html"
>Section 2.6</A
> section for
more details
</P
></LI
></UL
>&#13;</P
><P
>IPCHAINS supports the following features that IPFWADM doesn't:</P
><P
>&#13;<P
></P
><UL
><LI
><P
>"Quality of Service" (QoS support)</P
></LI
><LI
><P
>A TREE style chains system vs. LINEAR system like IPFWADM (Eg. this allows
something like "if it is ppp0, jump to this chain (which contains its own
difference set of rules)"</P
></LI
><LI
><P
>IPCHAINS is more flexible with configuration. For example, it has the "replace"
command (in addition to "insert" and "add"). You can also negate rules (e.g.
"discard any outbound packets that don't come from my registered IP" so that
you aren't the source of spoofed attacks).</P
></LI
><LI
><P
>IPCHAINS can filter any IP protocol explicitly, not just TCP, UDP, ICMP</P
></LI
></UL
>&#13;</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="ipchains-on-2.4.x.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="upgrades.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>( IPCHAINS rulesets on 2.4.x kernels ) - What the ipchains.o module can
do on 2.4.x kernels</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="faq.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>( Upgrades ) - I've just upgraded to the x.y.z kernel, why isn't IP
Masquerade working?</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink