Firewall Wizards mailing list archives

Re: IPChains vs. IPTables

From: "Josh Welch" <jwelch () buffalowildwings com>
Date: Wed, 24 Jul 2002 10:56:47 -0500

From: "Patrick Darden" <darden () armc org>


IPTables allow content inspection (making sure port 80 traffic is web, 21
is ftp, etc.), making it a little better than a mere packet filter.
Truthfully, though, with tunnelling, if you don't have tight access lists
then allowing any protocol access is just as secure via packet filtering
as packet inspection.  Loki uses icmp; then there's ssl tunneling, ssh,
and hosts of others....

--
--Patrick Darden                Internetworking Manager
--                              706.475.3312    darden () armc org
--                              Athens Regional Medical Center


IPTables does not , to my understanding, do content inspection. It does
state inspection, which IPChains does not, but does not check content. How
would you check content with IPTables?.

Josh

<snipped original question about differences in IPChains vs IPTables>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

IPChains vs. IPTables Marc DVer (Jul 24)
- Re: IPChains vs. IPTables Patrick Darden (Jul 24)
  - Re: IPChains vs. IPTables Josh Welch (Jul 24)
    - Re: IPChains vs. IPTables Volker Tanger (Jul 25)
    - Re: IPChains vs. IPTables Nimesh Vakharia (Jul 29)
- Re: IPChains vs. IPTables Martin A. Brown (Jul 24)
- Re: IPChains vs. IPTables firewall-wizards (Jul 24)
- Re: IPChains vs. IPTables Brian Hatch (Jul 24)