Slashdot Mirror


Migrating from IPChains to Netfilters?

lodn asks: "I've been using a Linux gateway for some time now. It's a simple kernel 2.2.18 install with IP forwarding. Thanks to the great HOWTO on IPchains I was able to configure it with no problems. Now I'd like to upgrade to kernel 2.4, however I have not been able to find a HOWTO for Netfilters! Does anyone know where such can be found?" Anyone know of any IPchain-to-Netfilter migration utilities? I must admit, I haven't been able to find much information about Netfilter usage either when I went looking into 2.4, however my firewall is also still 2.2. Time to upgrade, methinks.

3 of 28 comments

  1. There is a HOWTO for netfilter by kyz · Score: 5, Informative

    I have not been able to find a HOWTO for Netfilters!

    There is a HOWTO for netfilter. It's at http://netfilter.samba.org/unreliable-guides/, and it's called the Linux 2.4 Packet Filtering HOWTO. Also look at the Linux 2.4 NAT HOWTO while you're there.

    --
    Does my bum look big in this?
  2. Search freshmeat.net by LinuxGeek8 · Score: 3, Informative

    In the HOWTOs only the basics are mentioned.
    In the manpage, lots of options are explained.
    For examples you will want to search freshmeat.net.

    A few of my bookmarks:
    http://www.lysator.liu.se
    http://64.39.18.129
    http://www.linuxsecurity.com

    And some example scripts you might not find on freshmeat.net:
    http://nerdfest.org
    http://chaosmongers.org

    --
    Well, don't worry about that. We can get you back before you leave. (Dr. Who)
  3. try http://netfilter.filewatcher.org/ by josepha48 · Score: 4, Informative

    It is really easy.

    iptables -L will list the tables in the default chain. Then there is iptables -L -t nat and iptables -L -t mangle

    The best guide I found was http://netfilter.filewatcher.org/unreliable-guides/packet-filtering-HOWTO/index.html

    This explains how packets traverse the filters, which I thought was easier than ipchains to learn. It also talks about using the ipchains module in 2.4, which means you can upgrade your kernel and keep your old firewall rules. It also goes over some of the basic options. This guide is mainly geared for using IP masquerading, or now known as NAT, but it is a great place to start. Also pick up a copy of last month's Linux Journal as they had an article on iptables.

    However I must warn you that once you go to iptables you may find it difficult to want to ever think of ipchains again. I know I do.

    --

    Only 'flamers' flame!