BBS水木清华站∶精华区

发信人: zixia (Do you zixia tonight), 信区: Linux
标  题: 10. Differences Between iptables and ipchains                              he
发信站: BBS 水木清华站 (Wed Oct 11 01:18:40 2000) WWW-POST

   Next Previous Contents

     ----------------------------------------------------------------------

10. Differences Between iptables and ipchains
he

     * Firstly, the names of the built-in chains have changed from lower
case
       to UPPER case, because the INPUT and OUTPUT chains now only get
       locally-destined and locally-generated packets. They used to see all
       incoming and all outgoing packets respectively.
     * The `-i' flag now means the incoming interface, and only works in the
       INPUT and FORWARD chains. Rules in the FORWARD or OUTPUT chains that
       used `-i' should be changed to `-o'.
     * TCP and UDP ports now need to be spelled out with the --source-port
or
       --sport (or --destination-port/--dport) options, and must be placed
       after the `-p tcp' or `-p udp' options, as this loads the TCP or UDP
       extensions respectively.
     * The TCP -y flag is now --syn, and must be after `-p tcp'.
     * The DENY target is now DROP, finally.
     * Zeroing single chains while listing them works.
     * Zeroing built-in chains also clears policy counters.
     * Listing chains gives you the counters as an atomic snapshot.
     * REJECT and LOG are now extended targets, meaning they are separate
       kernel modules.                                                     s
     * Chain names can be up to 31 characters.
     * MASQ is now MASQUERADE and uses a different syntax. REDIRECT, while
n
       keeping the same name, has also undergone a syntax change. See the
       NAT-HOWTO for more information on how to configure both of these.
     * The -o option is no longer used to direct packets to the userspace
       device (see -i above). Packets are now sent to userspace via the
QUEUE
       target.
     * Probably heaps of other things I forgot.

     ----------------------------------------------------------------------

   Next Previous Contents
--
)))))))))))))))))))))))))))))))))))))))))))))))))))
        ((((((((((((生命的欢喜可以再影印一张吗?((((((((((((
        ))))))))))))老去的热情可以再拉皮整形吗?))))))))))))
        ((((((((((((病中的真理可以再传真校对吗?((((((((((((
        ))))))))))))死掉的爱情可以再输入键出吗?))))))))))))
        (((((((((((((((((((((((((((((((((((((((((((((((((((

※ 来源:·BBS 水木清华站 smth.org·[FROM: 202.112.45.49]