Migrating from IPChains to Netfilters?
lodn asks: "I've been using a Linux gateway for some time now. It's a simple kernel 2.2.18 install with IP forwarding. Thanks to the great HOWTO on IPchains I was able to configure it with no problems. Now I'd like to upgrade to kernel 2.4, however I have not been able to find a HOWTO for Netfilters! Does anyone know where such can be found?" Anyone know of any IPchain-to-Netfilter migration utilities? I must admit, I haven't been able to find much information about Netfilter usage either when I went looking into 2.4, however my firewall is also still 2.2. Time to upgrade, methinks.
Simply hitting Google and entering "netfilter howto"?
All of the top 5 hits are directly relevant, and 2 of them are to the "Linux 2.4 packet filtering howto" and the "Linux 2.4 NAT howto".
*sigh* Another day, another totally unresearched "ask slashdot". You'd think the editors would bother spending 2 minutes checking if the question is trivial.
1. IP-Masquerading HOWTO is the primary source of information, not IP-Chains HOWTO.
2. Netfilter emulates ipchains and ipfwadm. There is no need to rewrite the rules.
What I did is simply use the ipchains support that is present in the 2.4 kernel, and use my existing ruleset. Works like a charm. When I feel the need, THEN I can rewrite it specifically for iptables. But for now, why bother?
I struggled with the conversion too and on a fluke I tried `man iptables`. There are differences but from the admin's point of view it's mostly syntax.
Here is what I suggest: Get a list of your ipchains, preferably the command lines. Then view/print the iptables man page, then one by one write the new iptables command lines. It isn't that hard and you'll learn a bit.
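The rule-by-rule rewrite suggested in the last comment, as an added example that is not part of the original thread: a translator for a common subset of `ipchains -A` rules that also returns review notes where the 2.4 chain traversal differs from 2.2. The sample rules, addresses and interface names are constructed, and anything outside the subset raises an error so it gets translated by hand.

```python
import shlex

CHAINS = {"input": "INPUT", "output": "OUTPUT", "forward": "FORWARD"}
TARGETS = {"ACCEPT": "ACCEPT", "REJECT": "REJECT", "DENY": "DROP", "MASQ": "MASQUERADE"}

def translate(rule):
    """Return (iptables commands, review notes) for one plain 'ipchains -A' line."""
    tok = shlex.split(rule)
    if len(tok) < 3 or tok[:2] != ["ipchains", "-A"] or tok[2] not in CHAINS or "!" in tok:
        raise ValueError("only un-negated 'ipchains -A input|output|forward' rules are handled")
    chain, args = tok[2], tok[3:]
    proto, match, target, log, notes = [], [], None, False, []
    while args:
        opt = args.pop(0)
        if opt == "-p" and args:
            proto = ["-p", args.pop(0).lower()]
        elif opt in ("-s", "-d") and args:
            match += [opt, args.pop(0)]
            # ipchains puts the port after the address; iptables spells it out
            if args and not args[0].startswith("-"):
                match += ["--sport" if opt == "-s" else "--dport", args.pop(0)]
        elif opt == "-i" and args:
            # iptables -i is ingress only; output/forward rules meant the egress side
            match += ["-i" if chain == "input" else "-o", args.pop(0)]
        elif opt == "-y":
            match.append("--syn")
        elif opt == "-l":
            log = True
        elif opt == "-j" and args and args[0] in TARGETS:
            target = TARGETS[args.pop(0)]
        else:
            raise ValueError("translate by hand: " + opt)
    if target is None or ({"--sport", "--dport"} & set(match) and proto[1:] not in (["tcp"], ["udp"])):
        raise ValueError("no -j target, or a port without -p tcp/udp: translate by hand")
    body = proto + match  # -p first so --sport/--dport/--syn are accepted
    if target == "MASQUERADE":
        notes.append("MASQ now lives in the nat table; FORWARD must still allow the traffic")
        return [" ".join(["iptables", "-t", "nat", "-A", "POSTROUTING"] + body + ["-j", target])], notes
    if chain != "forward":
        notes.append(CHAINS[chain] + " sees only local traffic; routed packets need a FORWARD rule")
    head = ["iptables", "-A", CHAINS[chain]] + body
    cmds = [" ".join(head + ["-j", "LOG"])] if log else []  # -l becomes its own LOG rule
    return cmds + [" ".join(head + ["-j", target])], notes

# Constructed sample rules, not taken from the thread
SAMPLE = ("ipchains -A input -p tcp -s 0.0.0.0/0 -d 192.168.1.1 23 -i eth0 -y -l -j DENY",
          "ipchains -A forward -s 192.168.1.0/24 -i ppp0 -j MASQ")
if __name__ == "__main__":
    print(*map(translate, SAMPLE), sep="\n")
```

On a gateway the review notes matter more than the syntax changes: an `input` rule that filtered routed traffic under 2.2 no longer sees it once it becomes an `INPUT` rule under 2.4.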