ZDNet: Netfilter and iptables: Stateful firewalling for Linux

Written by Web Webster
Oct 14, 2001

“Since the pace of change with Linux is so fast, Linux has not typically been a platform of choice for firewall implementations; while quick progress is good in many respects, it also suggests a lack of stability. But the latest Linux kernel, version 2.4, offers a number of improvements over the 2.2 kernel that make Linux a viable alternative for corporate firewalls. Netfilter, Linux’s in-kernel “packet mangling” infrastructure, and iptables, the administrative tool that manages it, represent a substantial improvement over ipchains, the previous option available under the 2.2 kernel. Netfilter offers a much more integrated and capable infrastructure than did ipchains, while iptables offers reasonable backwards compatibility with ipchains and ipfwadm rulesets while still offering administrators the possibility of improving firewall implementations under Linux.

When deciding on a firewall implementation, most Unix-savvy administrators have usually chosen to use ipfilter on OpenBSD for their combination of capabilities and stability, as the capabilities of Linux’s packet-filtering infrastructure did not match that of ipfilter. In particular, previous packet filters for Linux were not stateful (meaning that they couldn’t relate requests for information and responses to those requests) and didn’t offer an integrated interface for packet filtering, address translation, or other packet manipulation. This greatly complicated writing firewall rules and, for common cases, significantly reduced the desired level of security that the firewall could provide.

Ipfwadm, the packet filter for the 2.0 series of the Linux kernel, and ipchains, the packet filter for the Linux 2.2 kernel, were relatively simple tools that did not meet the needs of most corporate networks. They also suffered from a lack of integration; packet filtering, support for common protocols such as RealAudio, and masquerading (as network address translation (NAT) is called in the Linux world) were all handled separately. All of this changed with Netfilter and iptables.”
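The stateful versus stateless distinction the excerpt draws is easiest to see as actual rules. The shell script below is an added example, not code from the ZDNet article or from Linux Today: it places the ipchains-era stateless pattern next to the Netfilter connection-tracking pattern, and adds a masquerading rule from the same tool, which is the integration the excerpt describes. The interface names, the internal address range and the DRY_RUN switch are assumptions made for illustration; with the default DRY_RUN=1 the script only prints the iptables commands it would run, so it can be read and checked on any machine.

```shell
#!/bin/sh
# Added example: stateless (ipchains-style) versus stateful (Netfilter) rules
# for a small Linux gateway. Interface names and the LAN range are assumptions.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 as root executes them.

DRY_RUN="${DRY_RUN:-1}"
WAN_IF="${WAN_IF:-eth0}"               # assumed external interface
LAN_IF="${LAN_IF:-eth1}"               # assumed internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed (RFC 1918) internal network

# Wrapper so the same rule set can be printed or applied.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Stateless pattern (all ipchains could express): to let hosts browse, the
# filter must accept EVERY inbound TCP packet whose source port is 80, because
# it cannot tell a reply apart from an unsolicited packet. Any sender that sets
# its source port to 80 gets through this rule.
stateless_rules() {
    ipt -P INPUT DROP
    ipt -A INPUT -i "$WAN_IF" -p tcp --sport 80 -j ACCEPT
    ipt -A OUTPUT -o "$WAN_IF" -p tcp --dport 80 -j ACCEPT
}

# Stateful pattern (Netfilter connection tracking): inbound traffic is accepted
# only if conntrack already saw the outbound request it answers (ESTABLISHED)
# or a protocol helper expects it (RELATED, e.g. an FTP data connection). An
# unsolicited packet with source port 80 is NEW and falls to the DROP policy.
stateful_rules() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -m state --state NEW -j ACCEPT
}

# NAT from the same tool: hide the LAN behind the gateway's WAN address. The
# conntrack entry records the translation, so replies are mapped back without
# any extra filter rule.
nat_rules() {
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Count rules in a rule set that admit inbound traffic on source port alone.
# This is the hole the stateless design forces and the stateful one closes.
sport_only_accepts() {
    "$1" | grep -c -- '--sport 80 -j ACCEPT' || true
}

# Invoked directly: print (or apply) the stateful set plus NAT; pass
# "stateless" to see the ipchains-style set for comparison.
case "${1:-}" in
    stateless) stateless_rules ;;
    *) stateful_rules; nat_rules ;;
esac
```

The check worth running is `sport_only_accepts`: the stateless set needs one rule that accepts inbound packets by source port alone, while the stateful set has none, because connection tracking, not the port number, decides whether a packet answers a request a host on the inside actually made.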