On Thursday 12 September 2002 09:11 am, David J. Chase wrote:
> A customer has the SuSE distribution but feels that the default firewall
> doesn't have as many features as they want. It seems to only do network
> address translation and they are also looking for packet filtering. Is
> there a commercial firewall program available for Linux for zSeries?
> Is there anything else you can tell me?

Don't confuse SuSE's default "starting point" firewall configuration with
containing the total capabilities of IPTABLES. SuSE doesn't claim that
their default config is comprehensive. IPTABLES can do a *lot* of neat
things.

IPTABLES is the current Linux packet filtering control utility. The actual
filtering is within the kernel. IPTABLES replaces the older (kernel 2.2.x
and earlier) IPCHAINS and IPFWADM which are both deprecated. Typically,
packet filtering consists of a group of inter-related modules. It is
rarely, if ever, built into a monolithic kernel.

Fortunately, IPTABLES is similar enough to IPCHAINS that migration is
typically not difficult. If you *really* need full backward compatibility,
you can load the old ipchains.o kernel module instead of iptables.o and
friends, and thereby actually use the old IPCHAINS commands. I don't
recommend doing this as a general rule, especially for new installations.
Migrate to IPTABLES.

In addition to the IPTABLES HOWTO (also look for HOWTOs and Mini-HOWTOs on
NAT and Packet Filtering -- there are several), you may also want to take
a look at the tutorial presentation I did for SHARE Nashville. It's online
on Sine Nomine's web site, in our Publications section. (URL in my tagline)

I'll be presenting this introductory class also at IBM's VM/VSE Technical
Conference (Miami, in October) as well, if you plan to attend that event.

Kind regards,

Scott

--
-----------------------------------------------------------------------------
Scott D. Courtney, Senior Engineer
Sine Nomine Associates
[EMAIL PROTECTED]
http://www.sinenomine.net/