Re: [suse-security] IPChains and IPTables
Hi,
From: BLeonhardt@analytek.de [mailto:BLeonhardt@analytek.de] .. IP-Chains can analyze if a packet is permitted to "go to the target system" or not ( if so, the packet will be dropped or routed )
yes. that's right.
.. IP-Tables can analyze all packets and Flags ( SYN, FIN, etc. ) no matter where the packets destination is ( if a rule will apply the packet will be dropped or routed )
basically yes. as far as this is concerned, ipchains and iptables are similar. packets, which arrive at the iptables/ipchains-host are dropped, rejected, accepted, forwarded ... according to the rules. ipchains also understands syn-flags: #ipchains -h ... [!] --syn -y match TCP packets only when SYN set ... # one main difference is, iptables keeps track of existing connections (connection-states). you may apply rules according to the state of the connection (NEW,ESTABLISHED,...), which may come in handy with udp-connections, since there are no such things as syns.
Thanks !
you're welcome :-)
Regards, Bruno Leonhardt
regards, stefan
participants (1)
-
Peer Stefan