  1. #1
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319

    iptables, ipchains and SPI


    What is the difference between iptables and ipchains? Is it possible to do SPI with these two?
    The best things in life are free.

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I think I can summarize it by saying that ipchains is defunct and obsolete. It was used in the 2.2 kernels, and iptables includes all its functionality and extends it.

    What is SPI?

  3. #3
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319
    Stateful Packet Inspection. It basically drops all packets if the packet wasn't requested from a network.
    The best things in life are free.

  4. #4
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    Iptables supports that but I don't think ipchains does. I don't see any reason to use ipchains unless you are forced to use 2.2 kernel.

  5. #5
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Oh yeah, iptables can certainly do that. Just to provide some more info, see the man page iptables(8) and look up the "state" match extension.
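
As an added example (not part of the thread or any poster's code): a small shell script that prints a default-drop filter table using the "state" match mentioned above, in iptables-restore format. The interface names and the list of locally served TCP ports are assumptions supplied by the caller; newer iptables releases offer the same matching through `-m conntrack --ctstate`.

```shell
#!/bin/sh
# Added example: emit a stateful filter table for iptables-restore.
# LAN/WAN interface names and the port list are caller-supplied assumptions.

valid_ifname() {   # Linux interface names: 1-15 chars, limited here to a safe set
  case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}

valid_port() {     # decimal TCP port in 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset LAN_IF WAN_IF "PORT PORT ..."
# Validates everything first so no partial ruleset is ever printed.
build_ruleset() {
  lan=$1 wan=$2 ports=$3
  valid_ifname "$lan" && valid_ifname "$wan" || { echo "bad interface" >&2; return 1; }
  for p in $ports; do
    valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
  done
  # Policy DROP on INPUT/FORWARD: only replies to tracked connections,
  # LAN-initiated forwards and the listed local services get through.
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT
EOF
  for p in $ports; do
    printf '%s\n' "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
  done
  echo COMMIT
}

# Stand-alone use: ./ruleset.sh eth1 eth0 "22" | iptables-restore --test
if [ "$#" -ge 2 ]; then build_ruleset "$1" "$2" "${3:-}"; fi
```

Piping the output to `iptables-restore --test` parses the rules without committing them; without `--test` the existing filter table is replaced.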

  6. #6
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319
    Is it safe to state that iptables can do everything and more than ipchains? I'm not understanding why most machines have both. I also read that if ipchains is enabled, it won't load iptables.
    The best things in life are free.

  7. #7
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I'd be extremely surprised if ipchains can do anything that iptables cannot.

    Many distributions still ship with both ipfwadm, ipchains and iptables; I don't know why. ipfwadm was the 2.0 equivalent.
    You can still compile compatibility modules for 2.4 that emulate ipfwadm or ipchains, but only when it comes to the userspace interface; they still use netfilter as the back end. And yes, the interface modules are mutually exclusive.

  8. #8
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319
    Well, I'm using a Linksys router currently and it's really more trouble than anything. Things don't work right and I'm looking into using a Linux machine as proxy server.
    The best things in life are free.

  9. #9
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    That sounds like a really good idea, if you ask me.

  10. #10
    Linux Engineer
    Join Date
    Nov 2002
    Location
    Queens, NY
    Posts
    1,319
    If I use a Linux machine as a proxy, is it possible to have other servers set up on the same machine without causing conflicts?
    The best things in life are free.
