[Shorewall-users] Three Cents Worth

Tom Eastep teastep@shorewall.net
Tue, 9 Apr 2002 07:49:01 -0700 (Pacific Daylight Time)


On Tue, 9 Apr 2002, Francesca C Smith wrote:

> Folks,
>
> There is a reason that most commercial firewalls still seem to be running on
> Ip-Chains and 2.2 kernel .. It's called too complicated to automate Ip-tables
> ...
>

Whatever the reason is for commercial firewalls still being on 2.2, it is
NOT that iptables is too complicated. Having implemented firewall products
on both 2.2 and 2.4 kernels, I can say without reservation that iptables
provides a much easier platform for firewall development. Shorewall's zone
paradigm would be virtually impossible to implement using ipchains.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net