Re: ipchains X ipfw compatibility

To: "Ivan J. Varzinczak" <ivan@inf.ufpr.br>
Cc: debian-firewall@lists.debian.org, debian-security@lists.debian.org
Subject: Re: ipchains X ipfw compatibility
From: Andrei Ivanov <shadow@ns.biofarm.ro>
Date: Thu, 27 Apr 2000 17:18:00 +0300 (EEST)
Message-id: <[🔎] Pine.LNX.4.21.0004271713440.766-100000@ns.biofarm.ro>
In-reply-to: <[🔎] 14599.10074.555973.665301@animal.inf.ufpr.br>

On Wed, 26 Apr 2000, Ivan J. Varzinczak wrote:

> 
> Hello, everybody!
> 
> 	I'm translating a set of firewall rules from a BSD-Unix that
> uses ipfw to ipchains in linux 2.2.14.
> 	I have a rule that states the following:
> 
> 	/sbin/ipfw add 1051 pass tcp from any to any established
> 
> and I don't know how to translate this to ipchains, because of the
> option "established".
> 	May anyone give me any sugestions, please?
> 
> Thanks in advance!
> 
> 
I think BSD-Unix uses a state firewall. On linux 2.3.99, netfilter knows
 how to take actions based on the state of a
packet(NEW,ESTABLISHED,RELATED,INVALID). An example is given in its howto on 
http://netfilter.kernelnotes.org. I suggest you read it, and if you like
it, try it, but remember, it only works on a development kernel.

Reply to:

References:
- ipchains X ipfw compatibility
  - From: "Ivan J. Varzinczak" <ivan@inf.ufpr.br>

Prev by Date: Re: ipchains X ipfw compatibility
Previous by thread: Re: ipchains X ipfw compatibility
Index(es):
- Date
- Thread