[cobalt-security] IPChains/IPTables - DROP or DENY..?
- From: Scott F <scott_falco@xxxxxxxxx>
- Date: Sat, 11 Aug 2001 16:42:29 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Thanks for your replies... I was finally able to dig up some concrete
answers to this question, along with the basic differences between
IPChains and IPTables.

Solution: IPChains does *NOT* recognize the "DROP" command, as it was
just introduced with IPTables. I'm building a firebox based on the 2.4
kernel and IPTables and this is what I've learned regarding some new
differences between IPTables and the older IPChains:

- The DENY target is now DROP
- The TCP -y flag is now --syn, and must be after `-p tcp'.
- REJECT and LOG are now extended targets, meaning they are separate
  kernel modules.
- MASQ is now MASQUERADE and uses a different syntax.

Here's a list that might help someone in the future regarding the
changes between IPChains and IPTables:

http://my.netfilter.se/HOWTO/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-10.html

Thanks Again!

Scott
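
The differences listed in the post, applied to whole rule lines, as an added example that is not part of the original message. The function name `ipchains_to_iptables` is hypothetical; the upper-case chain names, the `-i` to `-o` change on forward/output rules and the `-t nat -A POSTROUTING` form of MASQUERADE are assumptions taken from the netfilter HOWTO's list of differences rather than from the post, and positional port arguments are not handled.

```python
import shlex

# Built-in chain names are lower case in ipchains, upper case in iptables.
CHAINS = {"input": "INPUT", "output": "OUTPUT", "forward": "FORWARD"}
TARGETS = {"DENY": "DROP", "MASQ": "MASQUERADE"}  # REJECT/ACCEPT keep their names

def ipchains_to_iptables(rule):
    """Translate one ipchains command line into iptables syntax."""
    tok = shlex.split(rule)
    if not tok or tok[0] != "ipchains":
        raise ValueError("not an ipchains command: %r" % rule)
    if "-l" in tok:
        # LOG is now a target of its own: one ipchains rule becomes two
        # iptables rules, so refuse rather than silently lose the logging.
        raise ValueError("-l needs its own '-j LOG' rule; translate by hand")
    masq = "MASQ" in tok
    out = ["iptables"] + (["-t", "nat"] if masq else [])
    syn, chain, i = None, None, 1
    while i < len(tok):
        t = tok[i]
        nxt = tok[i + 1] if i + 1 < len(tok) else None
        if t in ("-A", "-I", "-D") and nxt:
            chain = nxt
            out += [t, "POSTROUTING" if masq else CHAINS.get(chain, chain)]
            i += 2
        elif t == "-j" and nxt:
            out += ["-j", TARGETS.get(nxt, nxt)]
            i += 2
        elif t == "-i" and chain in ("forward", "output"):
            out.append("-o")  # -i on these chains meant the outgoing interface
            i += 1
        elif t == "-y":
            syn, i = ["--syn"], i + 1
        elif t == "!" and nxt == "-y":
            syn, i = ["!", "--syn"], i + 2
        else:
            out.append(t)
            i += 1
    if syn:
        # --syn belongs to the tcp match, so it has to follow '-p tcp'.
        p = out.index("-p") if "-p" in out else -1
        if p < 0 or [s.lower() for s in out[p + 1:p + 2]] != ["tcp"]:
            raise ValueError("-y is only valid together with -p tcp")
        out[p + 2:p + 2] = syn
    return " ".join(out)
```

Review the translated rules before loading them; a rule that raises here needs to be rewritten by hand.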