[Samba] FireWall Effects on Samba (Newbie)

Frank Matthieß fm+samba at Microdata-POS.de
Mon Oct 7 12:08:01 GMT 2002


On Mon, Oct 07, 2002 at 07:05:14AM -0400, Joel Hammer wrote:
> ipchains and iptables are mutually exclusive.
> 
> ipchains is older technology. iptables is supposed to be a big improvement
> but I use ipchains because I know how to use it and they work for my
> needs.
> 
> The biggest advantage I know about for iptables is it allows much greater
> flexibility in controlling access to different ports. For example, with
> iptables you can control access to a port depending on the time of day.
> There is nothing in ipchains that allows that. With ipchains, you would have
> to write a fancy script called by hosts.allow to get that kind of
> flexibility. I would learn iptables.

It isn't the right place to discuss, but the greatest advantage of
iptables/netfilter is the "stateful injection", which means, the
firewall 'knows' the state of a connection. This is very easy to
understand and maintain.

Second, for the forwarding path, you don't need "in/out" rules to permit
traffic. You only need a forward rule. This is much more clear than
the ipchains approach.

There is an 'ipchains to iptables' emulation available, so you are able
to use your old scripts with the new filter, but - right - mixing is not
possible.

Frank.
-- 
Frank Matthieß                                    fm+samba at Microdata-pos.de
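
The two points in the reply above (connection state tracking and a single forward rule per service), shown as an added example that is not part of the original message or of any Samba or netfilter documentation. The function name, the interface names eth0/eth1 and the server address 192.0.2.10 are constructed assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a router that forwards
# SMB traffic from a client LAN to one Samba server.
# Constructed sample values: eth0 (client side), eth1 (server side),
# 192.0.2.10 (Samba server, documentation address range).

samba_forward_rules() {
    lan_if=$1; srv_if=$2; srv_ip=$3
    # Accept only plain interface names and digits-and-dots addresses, so an
    # argument cannot smuggle extra rule text into the generated ruleset.
    for name in "$lan_if" "$srv_if"; do
        case $name in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
        esac
    done
    case $srv_ip in
        ''|*[!0-9.]*) echo "bad server address" >&2; return 1 ;;
    esac
    # INPUT and OUTPUT stay at ACCEPT because this example covers only the
    # forwarding path; a real router also needs rules for its own traffic.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets of connections that a rule below has already admitted, in either
# direction. This is the state tracking that ipchains does not have.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New SMB sessions from the client LAN to the server. One FORWARD rule per
# protocol; no input/output pair and no rule for the return direction.
-A FORWARD -i $lan_if -o $srv_if -d $srv_ip -p tcp -m multiport --dports 139,445 -m state --state NEW -j ACCEPT
-A FORWARD -i $lan_if -o $srv_if -d $srv_ip -p udp -m multiport --dports 137,138 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the constructed sample values.
samba_forward_rules eth0 eth1 192.0.2.10
```

The output is in the format read by iptables-restore; its --test option parses a ruleset without committing it.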



