Tugger the SLUGger!SLUG Mailing List Archives

[chat] Re: [SLUG] Bandwidth monitoring summary


on 10/6/01 6:52 PM, Darrell Burkey at dazza@xxxxxxxxx wrote:

> BTW, I did discover that while RedHat 7.1 does support iptables, it appears
> to install the ipchains kernel module by default. Their doco states that if
> any ipchains rules are found during an upgrade that this will happen but
> others have told me it is the default and I think that is correct.

Yes, the ipchains kernel module is installed by default in RHL 7.1. The
iptables module is also available but is not activated until the ipchains
table is disabled (if memory serves correctly).

> Apparently to use iptables you have to unload the ipchains module, remove
> the ipchains rpm and load the iptables module with your scripts.

While you can definitely remove the ipchains RPM if you want to disable
ipchains in order to use iptables, it is not required. Just remove the
ipchains module. This is much easier than uninstalling the RPM, if you are
looking to just try iptables while still relying on ipchains for day-to-day
protection.

If you haven't looking into iptables, definitely check it out:

http://netfilter.samba.org/netfilter-faq.html
http://netfilter.samba.org/unreliable-guides

Assorted pre-configured iptables scripts:
http://www.linuxguruz.org/iptables

Stateful firewalling built into the kernel... Yummm...


truk