Eh, iptables/chains are almost identical in a firewalling sense, but not in masquerading.
e.g. ipchains -I input -p icmp -j DENY becomes iptables -I INPUT -p icmp -j DROP
i.e., you change the chain to caps, and deny to DROP. Pretty identical, including the --syn option. I have been able to convert all my ipchains rules to iptables without incident. My NAT boxes still run on ipchains, as some things still don't NAT properly under 2.4/iptables.
What's really cool with iptables is that you can mark packets in the PREROUTING table, and use netfilter to do cool things like rate-limiting. See Advanced-Routing-HOWTO for more on this.
Regards
DanJ
----- Original Message -----
From: "Brett Parker" brettp@stu.uea.ac.uk
To: alug@stu.uea.ac.uk
Sent: Friday, June 15, 2001 10:46 AM
Subject: Re: [Alug] basic routing/config NO-prob for mail
PS you don't fancy getting IP firewalling working on my box on Sunday, I'm stuck.
iptables or ipchains? I've got a nicely downloaded bash script for IP tables laying about if you want it, it's worked for me for a while now (basically since shifting to kernel 2.4). I use it because I haven't had time as yet to get my head round iptables, ipchains were far simpler in comparison.
Cheers,
Brett
alug, the Anglian Linux User Group list
Send list replies to alug@stu.uea.ac.uk
http://www.anglian.lug.org.uk/
http://rabbit.stu.uea.ac.uk/cgi-bin/listinfo/alug
See the website for instructions on digest or unsub!