On Thu, 25 Mar 1999, Lars G. T. Joergensen wrote:
> Sorry about the mixing of terms. But I hope the points gets across. That
> is that what is better with the "new" ipchains that have pop up in the
> 2.2.X kernels?
Primarily more flexibility.
You can filter any IP protocol explicitly, not just TCP, UDP, ICMP,
and ALL.
You can negate rules (e.g. "discard any outbound packets that don't
come from my registered IP" so that you aren't the source of spoofed
attacks).
You can set up multiple chains, which allows you to improve efficiency
(e.g. you're not comparing UDP packets to TCP rules, because they're
in different chains).
--
John Hardin KA7OHZ [EMAIL PROTECTED]
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
In the Lion
the Mighty Lion
the Zebra sleeps tonight...
Dee de-ee-ee-ee-ee de de de we um umma way!
-----------------------------------------------------------------------
54 days until Star Wars episode I
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
