Hi, I put OpenBSD on my firewall box a few months ago specifically for ipfilter. As Phil Brutsche said the latest ipfilter port for Linux is for the 2.0.x kernels, which is too old.
Pointless rambling.. I haven't looked back since moving from ipchains to ipfilter. My rules for ipchains were like 30 lines or more and the ipfilter rules are less than 10, mainly due to the fact that ipfilter is stateful (keeps track of how/when connections were initiated) while ipchains is not. The nicest thing (among many) about ipfilter is I didn't have to open any ports at all to the network except what I wanted (because it is stateful). With ipchains I had to open 1024-65536 for general surfing. Within an hour or so of switching to ipfilter I started seeing attempts at certain high ports I had never seen blocked before. Unfortunately as far as I can tell netfilter won't be any different than ipchains, they just rewrote the code and changed the syntax. ...End pointless rambling

Chris Schleifer

P.S. I am by no means an expert on tcp or firewalls, so if I'm wrong someone correct me please.

Bob Bernstein wrote:
>
> A thousand pardons if this has been a FAQ, but...
>
> Would someone be good enough to clue me in on the current status of the
> ipfilter package as far as Linux is concerned?
>
> I've farted around the net looking for stuff and I keep coming up dry. I seem
> to recall a kernel patch awhile back...<?>
>
> --
> Bob Bernstein
> at http://www.ruptured-duck.com
> Esmond, R.I., USA
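An added example (not from the original post) of the kind of short stateful ipfilter ruleset described above, showing why no inbound high-port range needs to be opened; the external interface name ep0 is an assumption:

```conf
# ipf.conf (example): default deny, replies admitted only by state.
# Assumed external interface: ep0. Rules without "quick" are last-match;
# "quick" rules stop evaluation immediately.

# Loopback is always allowed.
pass in quick on lo0 all
pass out quick on lo0 all

# Default deny in both directions. Inbound blocks are logged, so probes
# at high ports show up in ipmon instead of silently disappearing.
block in log all
block out all

# Outbound traffic from the box. "flags S" means only a TCP SYN creates
# a state entry; the reply SYN/ACK and the rest of the conversation are
# matched against that entry, so no inbound 1024-65535 range is needed.
pass out quick on ep0 proto tcp from any to any flags S keep state
pass out quick on ep0 proto udp from any to any keep state
pass out quick on ep0 proto icmp from any to any keep state
```

Load it with `ipf -Fa -f /etc/ipf.conf` and watch `ipmon` to see the logged inbound blocks.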