● 10. Differences Between iptables and ipchain - 荔园在线 | 深圳大学学生论坛,荔园晨风BBS,深大在线网站

荔园之美，在春之萌芽，在夏之绽放，在秋之收获，在冬之沉淀

发信人: georgehill (清风浮云人生), 信区: Linux
标  题: 10. Differences Between iptables and ipchains
发信站: BBS 荔园晨风站 (Thu Oct 12 07:26:56 2000), 站内信件

【以下文字转载自 georgehill 的信箱】
【原文由 georgehill.bbs@smth.org 所发表】
发信人: zixia (Do you zixia tonight), 信区: Linux
标  题: 10. Differences Between iptables and ipchains
发信站: BBS 水木清华站 (Wed Oct 11 01:18:40 2000) WWW-POST

   Next Previous Contents

     ----------------------------------------------------------------------

10. Differences Between iptables and ipchains
he

     * Firstly, the names of the built-in chains have changed from lower
case
       to UPPER case, because the INPUT and OUTPUT chains now only get
       locally-destined and locally-generated packets. They used to see all
       incoming and all outgoing packets respectively.
     * The `-i' flag now means the incoming interface, and only works in the
       INPUT and FORWARD chains. Rules in the FORWARD or OUTPUT chains that
       used `-i' should be changed to `-o'.
     * TCP and UDP ports now need to be spelled out with the --source-port
or
       --sport (or --destination-port/--dport) options, and must be placed
       after the `-p tcp' or `-p udp' options, as this loads the TCP or UDP
       extensions respectively.
     * The TCP -y flag is now --syn, and must be after `-p tcp'.
     * The DENY target is now DROP, finally.
     * Zeroing single chains while listing them works.
     * Zeroing built-in chains also clears policy counters.
     * Listing chains gives you the counters as an atomic snapshot.
     * REJECT and LOG are now extended targets, meaning they are separate
       kernel modules.                                                     s
     * Chain names can be up to 31 characters.
     * MASQ is now MASQUERADE and uses a different syntax. REDIRECT, while
n
       keeping the same name, has also undergone a syntax change. See the
       NAT-HOWTO for more information on how to configure both of these.
     * The -o option is no longer used to direct packets to the userspace
       device (see -i above). Packets are now sent to userspace via the
QUEUE
       target.
     * Probably heaps of other things I forgot.

     ----------------------------------------------------------------------

   Next Previous Contents
--
        )))))))))))))))))))))))))))))))))))))))))))))))))))
        ((((((((((((生命的欢喜可以再影印一张吗?((((((((((((
        ))))))))))))老去的热情可以再拉皮整形吗?))))))))))))
        ((((((((((((病中的真理可以再传真校对吗?((((((((((((
        ))))))))))))死掉的爱情可以再输入键出吗?))))))))))))
        (((((((((((((((((((((((((((((((((((((((((((((((((((

※ 来源:·BBS 水木清华站 smth.org·[FROM: 202.112.45.49]
--
※ 转载:·BBS 荔园晨风站 bbs.szu.edu.cn·[FROM: 192.168.1.115]

荔园在线首页友情链接：深圳大学深大招生荔园晨风BBS S-Term软件网络书店