Firewall Wizards mailing list archives

RE: Red Hat 7.1 and Iptables


From: Swift Griggs <ssgriggs () usa net>
Date: Tue, 12 Jun 2001 12:08:11 -0500 (CDT)

On Mon, 11 Jun 2001, Bruce Platt wrote:
-=>reliability  -- does what its rules are defined to do,

I've personally used it very little since I prefer ipfilter/bsd (hokey
license or not). However, you should sift through the Linux kernel mailing
list for problem reports. See if any of them apply to your configuration.

-=>repeatability -- does the same thing each time,

Again, look at the kernel mailing list. I can tell you that I've not
really had any problems, but that doesn't mean squat since I've only used
it in "other people's" configurations who wanted Linux. You should also
check the iptables homepage and see if there are list archives there. Look
at the bug reports. This is the kind of due diligence you should perform
yourself. Anecdotal reports from this list won't give you as much of a
clear picture as the actual bug reports from the developer's mailing
lists.

-=>ease of adding general proxies -- e.g. squid,

Same as anything else, you read the man page and set up redirection,
transparent proxying, or forwarding as needed for Squid. From reading the
code it seems that the developers seem to be a little more confident of
the networking in the 2.4 code in general. Judging from the rate at which
it's getting patched, I don't share their optimism.

-=>ease of adding in Free S/Wan,

IPtables works the same way regardless of Free S/Wan. They don't
interfere with each other's operation.


-=>integration with tools like Snort

Snort is an IDS system and has nothing to do with IP tables. It's an
application that examines traffic for signatures, and logs or snipes at
the TCP connections based on what it sees. Your IPTables rules might
affect its operation, but no more or less than any other packet filter.

SWiFT GRiGGS | NiC SG1991 | PGP D38E3D91 | SSGRiGGS () USA NET
Non Illegitemus Carborundum.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

