
Re: suggestions welcome



also sprach Adam Majer <adamm@galacticasoftware.com> [2002.01.16.0329 +0100]:
> IMHO, the added flexibility of iptables makes 2.4 safer than 2.2
> - just need to set up iptables right.

i agree with you fully. iptables has the potential to be called a
firewall. ipchains is a level 4 packet filter. ipchains *can* interpret
layer 7 for specific protocols (just like iptables), but a firewall
these days *must* have state-tables and a concept of a TCP connection
to be called one such.

btw: i am overtly happy that iptables can simulate stateful UDP and
ICMP!!! and best of all: it could do that before the "revolutionary"
market leader, CheckPoint Firewall-1. they still go hyper on that
awesome feature of theirs. they still use it as a selling point. it
worked in iptables before CP even thought about it ;)

oh, and CP's implementation isn't bugfree yet :)
the NG version supposedly is the first one that can handle it correctly,
and it's also the first to be able to do stateful ICMP. way to go,
market leader CheckPoint!

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
scintillation is not always identification for an auric substance.
