
[cobalt-security] IPChains/IPTables - DROP or DENY..?



Thanks for your replies... I was finally able to
dig up some concrete answers to this question, along
with the basic differences between IPChains and
IPTables.

Solution: IPChains does *NOT* recognize the "DROP"
command, as it was just introduced with IPTables. I'm
building a firebox based on the 2.4 kernel and
IPTables and this is what I've learned regarding some
new differences between IPTables and the older
IPChains:

- The DENY target is now DROP

- The TCP -y flag is now --syn, and must be after
`-p tcp'.

- REJECT and LOG are now extended targets, meaning
they are separate kernel modules.

- MASQ is now MASQUERADE and uses a different syntax.

Here's a list that might help someone in the future
regarding the changes between IPChains and IPTables:

http://my.netfilter.se/HOWTO/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-10.html

Thanks Again!
Scott
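
The renames listed in the post, applied mechanically to ipchains rule lines, as an added example that is not part of the original post. The translate() helper and the sample rules are constructed for illustration; the upper-case chain names are an assumption the post does not state, and MASQ rules are only flagged for a manual rewrite.

```python
# Added illustration; translate() and the sample rules are constructed.
# From the post: DENY -> DROP, MASQ -> MASQUERADE, -y -> --syn after "-p tcp",
# REJECT and LOG are extended targets (separate kernel modules).
TARGETS = {"DENY": "DROP", "MASQ": "MASQUERADE"}
EXTENDED = {"REJECT", "LOG"}
# Assumption, not from the post: iptables built-in chains are upper case.
CHAINS = {"input": "INPUT", "output": "OUTPUT", "forward": "FORWARD"}


def translate(rule):
    """Translate one ipchains rule line; return (iptables_rule, review_notes)."""
    tokens = rule.split()
    if not tokens or tokens[0] != "ipchains":
        raise ValueError("not an ipchains rule: %r" % rule)
    out, notes, syn = ["iptables"], [], None
    for prev, tok in zip(tokens, tokens[1:]):
        if tok in ("-y", "--syn"):
            # Hold the flag back; it is re-inserted right after "-p tcp".
            syn = ["--syn"]
            if prev == "!":  # negated match: move the "!" with it
                out.pop()
                syn = ["!", "--syn"]
        elif prev in ("-A", "-I", "-D"):
            out.append(CHAINS.get(tok, tok))
        elif prev == "-j":
            target = TARGETS.get(tok, tok)
            out.append(target)
            if target in EXTENDED:
                notes.append(target + ": extended target, needs its kernel module")
            if target == "MASQUERADE":
                notes.append("MASQUERADE: different syntax, rewrite by hand")
        else:
            out.append(tok)
    if syn:
        at = out.index("-p") if "-p" in out else -1
        if at >= 0 and out[at + 1:at + 2] == ["tcp"]:
            out[at + 2:at + 2] = syn
        else:
            out.extend(syn)
            notes.append("--syn: must follow '-p tcp', add the protocol match")
    return " ".join(out), notes


if __name__ == "__main__":
    for sample in ("ipchains -A input -y -p tcp -s 10.0.0.0/8 -j DENY",
                   "ipchains -A input -p tcp ! -y -j REJECT",
                   "ipchains -A forward -s 192.168.1.0/24 -j MASQ"):
        print(translate(sample))
```

Any rule that comes back with a non-empty notes list needs a manual check before it is loaded into the new firewall.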
