
Re: Iptables FW under 2.4.0-test11


On Wed, Dec 20, 2000 at 09:08:14AM -0500, S . Salman Ahmed wrote:
> How is compiling in support for the netfilter components hard?

Well, I suppose you should just read the help for all the
options.  I would have said it was hard, really.  (Then again,
I've compiled netfilter into kernels before, but never actually
used it yet :)

> A question about terminology, is netfilter == iptables ?

As far as I know, netfilter is the generic infrastructure in the
kernel that supports things like packet filtering, packet
mangling etc.  iptables is built on top of netfilter to provide
packet filtering/mangling for IP.  netfilter is not restricted
to IP.

Just by the way, there is support in netfilter for ipchains and
ipfwadm backward compatibility modules.  i.e. if you want to
upgrade to 2.4, but you don't want to figure out iptables at the
same time, you could use the ipchains module and stick with your
ipchains rules.  Of course, ipfilter gives you more flexibility,
so you probably want to switch over to it at some point anyway,
so if you don't mind learning it now, that's probably the way to

Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
