Firewall Wizards
mailing list archives
Re: IPChains vs. IPTables
From: Volker Tanger <volker.tanger () discon de>
Date: Thu, 25 Jul 2002 09:21:58 +0200
Greetings!
Josh Welch wrote:
> > From: "Patrick Darden" <darden () armc org>
> >
> > IPTables allow content inspection (making sure port 80 traffic is
> > web, 21 is ftp, etc.), making it a little better than a mere packet
> > filter.
> > Truthfully, though, with tunnelling, if you don't have tight access
> > lists then allowing any protocol access is just as secure via
> > packet filtering as packet inspection. Loki uses icmp;
> > then there's ssl tunneling, ssh, and hosts of others....
>
> IPTables does not, to my understanding, do content inspection. It does
> state inspection, which IPChains does not, but does not check content. How
> would you check content with IPTables?
There are some first (pre-alpha) patches for IPtables (2.5 kernel) that
lay a foundation for packet data inspection. The "normal" IPtables only
is a stateful (not inspection) packet filter, whereas IPchains only is a
static (dumb) packet filter. For a detailed overview see
http://www.wyae.de/secure_gateway/gateways.html
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon +49 30 6104-3307
fax +49 30 6104-3461
volker.tanger () discon de
http://www.discon.de/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards