iptables vs. ipchains (ipfwadm)

R. David Whitlock ryandav at u.washington.edu
Tue Feb 6 08:05:23 PST 2001

I've had marvelously good success with the 2.4 firewall I set up.
Finally, no more separated utilities for port forwarding! And no longer
do you have to feel inferior to the *BSD folk about the stateful vs packet
filter sorts of arguments... (g)

Honestly, the firewall I'm running now spends less time chugging on the
disk for some unknown reason, probably because I have a lot less logging
and all that going on, but at least it appears more efficient... I've no
idea how to test such things directly (straight-through performance, etc.).

Anyone know of a good metric for that sort of thing?

iptables has some really good transition documents available, specifically
to help migration from one to the other. There are a few things you have
to upgrade along with the raw kernel, so it pays to watch the
dependencies in the README files.


"If PacMan had affected us as kids, we'd be running around in dark rooms,
munching pills and listening to electronic music"

On Mon, 5 Feb 2001, Mike wrote:

> I'm curious if anyone here has as of yet installed and tried using
> iptables with kernel 2.4. I'm curious if the newly implemented stateful
> inspection can measurably increase performance. I'm thinking of a
> firewall with few chains and 10-20 rules per chain. If not I'll have to
> find out myself.


