
List:       security-basics
Subject:    Re: IPF/IPTable/??
From:       Brad Arlt <arlt () cpsc ! ucalgary ! ca>
Date:       2002-11-28 22:40:29

On Thu, Nov 28, 2002 at 06:02:42AM +0900, ALBEE,RUSSELL. S FC2 (CV63 CS5) wrote:
> Which *NIX firewall software is the best to use in terms of security and
> reliability?  IPF?  IPChains?  IPTables?

I consider Chains, Table, and Filter on par for stability.

Chains might be a little more stable, but how many 9s does one really
need?  Chains doesn't protect your network as well as Tables, so while
IPChains might keep your firewall running longer, it might not keep
your network running longer, which is after all what your firewall is
supposed to do.

If you really mean "IPF" (circa Linux 2.0 kernel), and not IP Filters,
don't use it.

The speed, flexibility, and statefulness of IP Tables (netfilter) make
it the best choice.

If you don't know what I am talking about when I say a 9, then you
want IPTables.  And you want to read more about all three so you can
make an informed decision on the merits of each, rather than the
preferences of the masses.
-----------------------------------------------------------------------
   __o		Bradley Arlt			Security Team Lead
 _ \<_		arlt@cpsc.ucalgary.ca		University Of Calgary
(_)/(_) 	I should be biking right now.	Computer Science
