Re: ipfwadm X ipchains

[Siglite <siglite () criticalstop com>]

The only reason that I can think of to not move to the 2.2.x kernel and
ipchains is the free s/wan project.  The free s/wan vpn kernel mods
currently aren't running on the 2.2 kernels.  If you're not planning on
using free s/wan, I don't think it's a big difference security wise.  IMHO
I think the ipchains are a little easier to manage (just syntax wise, I
didn't find myself doing 'man ipchains' as often as I did 'man ipfwadm').
There's even a really nice gui for managing them if you're running the KDE
desktop environment.


/*-----------------------------------*/
/* I live with FEAR every day.       */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/

KT Morgan
Network Engineer
Checkpoint Firewall-1 CCSA/CCSE
Microsoft MCP
Software Systems Group, Inc

On Wed, 15 Sep 1999, Jan van Rensburg wrote:

> fgb () domain com br wrote:
> > Hi wizards,
> >
> > Somebody can show me the advantages in migrating from ipfwadm to ipchains ?
> > Are the ipfwadm/ipchains a secure firewall or should I look for a commercial one ?
>
> well, i've looked into ipchains and the supposed benefits etc, but from
> a security point of view i can see no reason to change from ipfwadm to
> ipchains. there's some other reasons which might make it worth it:
> 1. the 2.0.x kernels won't be supported for too long. so you get the
> benefits of the new features/updates when you go to 2.2.x
> 2. ipchains is supposedley easier to manage and therefor less prone to
> user misconfiguration
>
> a good commercial product will definitely give you more
> flexibility/options, but if you have very basic needs linux or freebsd
> will do fine.
>
> -- 
> --jan van rensburg
>
> Oh what a tangled web we weave when
> we could've used perl but we used C.