Re: IP-Filter on Linux

Ross Cameron wrote:
> Anyone recently compiled and used IP-Filter on a LFS/Slackware box?
>
> Would love to chat to you about how u got it working.
Me too - on any of the later 2.6.20+ versions.

On Wed, 27 Feb 2008, Steve Clark wrote:

>
>
> Ross Cameron wrote:
>> Anyone recently compiled and used IP-Filter on a LFS/Slackware box?
>>
>> Would love to chat to you about how u got it working.
> Me too - on any of the later 2.6.20+ versions.

Out of interest, why would you choose ipfilter over, say, iptables?

All of the firewalls and routers we've produced are Slackware-based and
use iptables and they work very well indeed. But recently I thought I'd
look at using an older Sun system with the ipfilter, ipnat, etc that's
bundled with Solaris 10 to replace an old firewall I use at home
(Slackware 8.1 with 2.4.18 kernel on a 120 MHz box with 10 Mbit/s NICs).
The reason for this was partly because my broadband connection speed has
gone up to 20 Mbit/s recently so I needed a faster box with 100 Mbit/s
NICs and because ipfilter seemed so much easier to configure than
iptables.

Unfortunately, after just 3 days on the Sun/ipfilter firewall, I've had to
revert to the old Linux/iptables box following complaints from my family.
They're Windoze users and ipnat alone seemed to break a lot of Windowsy
things that iptables handled without any special configuration. On the
other hand I only use *n*x kit (Linux, Solaris, IRIX, Tru64 & FreeBSD)
which got on fine with ipfilter, apart from ssh connections through it
dropping at random.

I just wondered why you preferred ipfilter over iptables.

Andy

-------------------------------------------
Andy Thomas,
Time Domain Systems

Tel: +44 (0)7866 556626
Fax: +44 (0)20 8372 2582
http://www.time-domain.co.uk