<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Linux IPCHAINS-HOWTO: Introduction</TITLE>
<LINK HREF="IPCHAINS-HOWTO-2.html" REL=next>
<LINK HREF="IPCHAINS-HOWTO.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="IPCHAINS-HOWTO-2.html">Next</A>
Previous
<A HREF="IPCHAINS-HOWTO.html#toc1">Contents</A>
<HR>
<H2><A NAME="intro"></A> <A NAME="s1">1. Introduction</A></H2>
<P>This is the Linux IPCHAINS-HOWTO; see
<A HREF="#intro-where">Where?</A>
for the master site, which contains the latest copy. You should read
the Linux NET-3-HOWTO as well. The IP-Masquerading HOWTO, the
PPP-HOWTO, the Ethernet-HOWTO and the Firewall HOWTO might make
interesting reading. (Then again, so might the alt.fan.bigfoot FAQ).
<P>
<P>If packet filtering is pass&eacute; to you, read Section
<A HREF="#intro-why">Why?</A>, Section
<A HREF="IPCHAINS-HOWTO-2.html#basics-how">How?</A>, and
scan through the titles in Section
<A HREF="IPCHAINS-HOWTO-4.html#core">IP Firewalling Chains</A>.
<P>
<P>If you are converting from <CODE>ipfwadm</CODE>, read Section
<A HREF="#intro">Introduction</A>, Section
<A HREF="IPCHAINS-HOWTO-2.html#basics-how">How?</A>, and
the appendices in Section
<A HREF="IPCHAINS-HOWTO-8.html#ipfwadm-diff">Differences between ipchains and ipfwadm</A> and Section
<A HREF="IPCHAINS-HOWTO-9.html#upgrade">Using the `ipfwadm-wrapper' script</A>.
<P>
<H2><A NAME="ss1.1">1.1 What?</A>
</H2>
<P>Linux <CODE>ipchains</CODE> is a rewrite of the Linux IPv4 firewalling code
(which was mainly stolen from BSD) and a rewrite of <CODE>ipfwadm</CODE>,
which was a rewrite of BSD's <CODE>ipfw</CODE>, I believe. It is required to
administer the IP packet filters in Linux kernel versions 2.1.102 and
above.
<P>
<H2><A NAME="intro-why"></A> <A NAME="ss1.2">1.2 Why?</A>
</H2>
<P>The older Linux firewalling code doesn't deal with fragments, has
32-bit counters (on Intel at least), doesn't allow specification of
protocols other than TCP, UDP or ICMP, can't make large changes
atomically, can't specify inverse rules, has some quirks, and can be
tough to manage (making it prone to user error).
<P>
<H2><A NAME="ss1.3">1.3 How?</A>
</H2>
<P>Currently the code is in the mainstream kernel from 2.1.102. For the
2.0 kernel series, you will need to download a kernel patch from the
web page. If your 2.0 kernel is more recent than the supplied patch,
the older patch should be OK; this part of the 2.0 kernels is fairly
stable (e.g. the 2.0.34 kernel patch works just fine on the 2.0.35
kernel). Since the 2.0 patch is incompatible with the ipportfw and
ipautofw patches, I don't recommend applying it unless you really need
some functionality that ipchains offers.
<P>
<H2><A NAME="intro-where"></A> <A NAME="ss1.4">1.4 Where?</A>
</H2>
<P>The official page is in three places:
<UL>
<LI><A HREF="http://netfilter.filewatcher.org/ipchains">Thanks to Penguin Computing</A></LI>
<LI><A HREF="http://www.samba.org/netfilter/ipchains">Thanks to the SAMBA Team</A></LI>
<LI><A HREF="http://netfilter.kernelnotes.org/ipchains">Thanks to Jim Pick</A></LI>
</UL>
<P>
<P>There is a mailing list for bug reports, discussion, development and
usage. Join the mailing list by sending a message containing the words
``subscribe ipchains-list'' to subscribe at east.balius.com. To mail
to everyone on the list use ipchains-list at east.balius.com.
<P>
</BODY>
</HTML>