LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-12-2003, 11:45 PM   #1
newbieA
LQ Newbie
 
Registered: Sep 2003
Posts: 12

Rep: Reputation: 0
Smile Is iptables/netfilter stateful inspection firewall ?


I'd asked others but the answers were conflicted...

As "stateful packet inspection" seems to be developed by checkpoint ? If so, is the linux implementation really "stateful" ?

If yes, then can iptables/netfilter be used as a replacement for checkpoint firewalls ? like samba for NT servers ?

many thanks
 
Old 09-13-2003, 07:15 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 47
The answer is YES!!!!

visit www.netfilter.org and its documentation section to see a lot of positive press and proof about iptables' stateful-ness.
 
Old 02-11-2005, 08:15 PM   #3
bkankur
LQ Newbie
 
Registered: Feb 2005
Posts: 22

Rep: Reputation: 15
need your help

hello friends,


I want to create a firewall in linux and currently i am using

iptables but what is happening it wont allow large number of packets to be passed from it , the pc got hanged . if i use a packet generator tool and use it to my target pc having the fiirewall the pc got hanged.

so i am confused now what to do , is there any low level implementation of iptables like tool so that i can use it in my firewall .

i have also heard of stateful inspection but will it solve my
problem...


waiting eagerly for the reply.

have a nice time and thanx for yr reading.
good day
om shanti.
 
Old 02-11-2005, 09:32 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Re: need your help

Quote:
Originally posted by bkankur
I want to create a firewall in linux and currently i am using

iptables but what is happening it wont allow large number of packets to be passed from it , the pc got hanged . if i use a packet generator tool and use it to my target pc having the fiirewall the pc got hanged.

so i am confused now what to do , is there any low level implementation of iptables like tool so that i can use it in my firewall .

i have also heard of stateful inspection but will it solve my
problem...
netfilter/iptables is a stateful packet-filtering firewall... any firewall that can "understand" what NEW, ESTABLISHED, and RELATED packets are is stateful...

what do you mean by "large number of packets"?? how much traffic are we talking about??

what do you mean by "the pc got hanged"??

post your iptables script here so someone can look at it and tell you if they see anything wrong with it...

iptables is used to configure netfilter, which works with the linux kernel, so i'm not sure what you mean when you ask for something "low level"...

if you answer these questions it'll be easier for someone to help you... you haven't given much info to work with so far... the more info you can provide about your setup and your situation, the better...

good luck...

Last edited by win32sux; 02-11-2005 at 09:33 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Stateful Packet Inspection Firewall (How could I tell)?? wardialer Linux - Security 9 02-10-2005 10:11 PM
Firewall with deep inspection Baltasar Linux - Networking 3 02-22-2004 10:07 PM
Is router plus stateful firewall enough? jxi Linux - Security 3 10-04-2003 09:22 AM
stateful packet inspection estranged0877 Linux - Security 1 01-28-2003 07:05 PM
Firewall, netfilter, iptables...? snowbaby Linux - Security 9 08-13-2002 04:22 AM


All times are GMT -5. The time now is 01:36 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration