Re: iptables (mod -14/104)
by Dries Schellekens on Tue Mar 25 22:30:00 2003 (GMT)
I thought that IPTABLES did stateful inspection (http://www.sns.ias.edu/~jns/security/iptables/
mentions it does for instance).
Are you sure.
still is a patch and enabled by default.
In some Linux French Magazine some guy mentionned in some IPTABLES/NETFILTER vs PF comparison that :
- PF lacks some modules to follow some connections that Netfilter offers.
Example: IRC module (for DCC traffic)
Look at ports net/tircproxy
- PF lacks fronts-end (IPTABLES offer many)
There exist plenty of GUIs to create PF rules:
, ... (lots of tools are listed on
- PF lacks load-balancing
This is one of the new feature in OpenBSD 3.3.
[ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]
Re: iptables (12/100) by Dries Schellekens on Tue Mar 25 22:32:00 2003 (GMT)
Add Story |
Copyright © 2004-2008
All rights reserved.
Articles and comments are copyright their respective authors,
submission implies license to publish on this web site.
Contents of the archive prior to April 2nd 2004 as well as images
and HTML templates were copied from the fabulous original
Jim's kind permission.
Some icons from slashdot.org
used with permission from Kathleen.
This journal runs as CGI with
on OpenBSD, the
source code is
Search engine is ht://Dig.
undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]