Ever since the Linux 2.0 days, folks have been using Linux instead of dedicated routers and firewalls. For small and medium-sized networks which needed packet filtering or network address translation (NAT), Linux proved to be an excellent solution. Back then, ipfwadm told the kernel which packets to accept, reject, and so on. The 2.2 kernel shipped with ipchains, a re-worked packet filtering infrastructure. ipchains was more flexible than its predecessor and quite a bit more complicated to use. If you need to brush up on packet filtering and ipchains, see the Best Defense column in our May 1999 issue (http://www.linux-mag.com/1999-05/bestdefense_01.html). Now that the 2.4 kernel is in wide use, it’s time to examine this topic again. The Netfilter project built iptables for 2.4 as the successor to ipchains.
Change, Change, Change…
Right now, you’re probably thinking, “Why should I have to learn yet another mechanism for configuring filtering and NAT? Maybe I should just buy a real router!” Don’t go running off to Cisco quite yet. The 2.4 kernel contains compatibility modules that allow you to configure filtering and NAT just as you did with 2.2. You don’t need to change anything unless you want to. If that’s the case, why should you take the time to learn about iptables? The design of iptables is simpler and easier to understand for both users and kernel hackers. It was created based on how people had actually been using the filtering and address translation features in…
Please log in to view this content.
Not Yet a Member?
Register with LinuxMagazine.com and get free access to the entire archive, including:
