Yep... IPTABLES == IPCHAINS on Massive Steroids

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #86,409

by folkert

3/7/03 9:29:18 AM

Yep... IPTABLES == IPCHAINS on Massive Steroids

You get three TYPES of tables each possible of doing CHAINS... plus you can apply them PRE-ROUTING or POST-ROUTING... AWESOME...

And... AND... it is tremendously more scalable... it is actually less processor intensive as well...

For IPTABLES, you can do SNAT, DNAT, plain-ole NAT, MASQUERADING, Virtual Address Forwarding, Port forwarding, Address Mapping... defaults can be used to be Open - Except or Closed - Except... it is Stateful (wonderful there) and even that can be turned off... logging has 7 settings (no logging to "OHMYGAWD my 1TiB LOG Volume is Full Already in 20 minutes" setting)

Overall it can make traffic do anything you REALLY want it to do.

b4k4^2

[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT

[link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!] [link|http://pascal.rockford.com:8888/SSK@kQMsmc74S0Tw3KHQiRQmDem0gAIPAgM/edcurry/1//|ED'S GHOST SPEAKS!]

[link|http://www.eweek.com/article2/0,3959,857673,00.asp|Writing on wall, Microsoft to develop apps for Linux by 2004]

Heimatland Geheime Staatspolizei reminds:
These [link|http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf|Civilian General Orders], please memorize them.
"Questions" will be asked at safety checkpoints.

Linux ipchains firewall and VPN - (Arkadiy) - (9) - March 6, 2003, 06:13:53 PM EST

why not vpn from the linux box? -NT - (boxley) - (4) - March 6, 2003, 06:17:43 PM EST

Not really a good idea with IPCHAINS... - (folkert) - (2) - March 6, 2003, 08:16:48 PM EST

IP Tables is the newest incarnation? -NT - (Arkadiy) - (1) - March 7, 2003, 08:15:50 AM EST

Yep... IPTABLES == IPCHAINS on Massive Steroids - (folkert) - March 7, 2003, 09:29:18 AM EST

VPN client runs on the laptop, linux box is my firewall -NT - (Arkadiy) - March 7, 2003, 08:14:59 AM EST

Very similar to my setup. - (Brandioch) - (3) - March 7, 2003, 07:09:17 PM EST

Re: Very similar to my setup. - (Arkadiy) - (2) - March 7, 2003, 08:53:43 PM EST

Whoops. Correction. - (Brandioch) - (1) - March 7, 2003, 11:34:26 PM EST

The restriction on source port is in server - (Arkadiy) - March 9, 2003, 12:01:52 AM EST

iwethey.org

And then they ran out of time.
79 ms