[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipchains deprecated?

Not quite.

There is an ipchains (and ipfwadm, as well) module for netfilter 
that lets you use ipchains (or ipfwadm) instead of the new iptable
stuff that is more standard for netfilter; using those compatibility
modules prevents the use of the new tools and other new modules, so
I'd suggest using them only for the first phase of an upgrade, and
then converting your old ipchains calls to iptable et al.

On Mon, Dec 20, 1999 at 03:24:03PM -0700, Ivan E. Moore II wrote:
> From the reading I've done the command line functionality of netfilter (2.3
> fw code) will be similar to ipchains..and that if you know ipchains you should
> be able to migrate easily to netfilter.
> Ivan
> On Mon, Dec 20, 1999 at 11:16:47AM -0800, ^chewie wrote:
> > On Mon, 20 Dec 1999, Michael Meskes wrote:
> > 
> > > Is ipchains already deprecated? I just read that the networking code has
> > > been changed yet again for kernel 2.3. Does it still make sense to set
> > > up a firewall using ipchains or is it a better idea to set it up with a
> > > development kernel now?
> > 
> > Yes it is deprecated w/the new 2.4 version of the kernel.  No, I would not
> > go to the unstable kernel just for that reason alone.  Ipchains may be a
> > bit confusing, but it is astoundingly similar to CISCO's own ip filtering
> > rules.  Learning IP-Chains has given me a much better understanding of
> > TCP/IP than I possibly could have learned from any book or lecture.
> > 
> > If you're concerned about deprecation, don't worry too much.  There are
> > enough users out there and developers who will likely write a wrapper
> > script to port the old 2.0 and 2.2 kernel firewall rules into the new 2.4.

Elie Rosenblum                 That is not dead which can eternal lie,
http://www.cosanostra.net   And with strange aeons even death may die.
Admin / Mercenary / System Programmer             - _The Necronomicon_

Reply to: