
Re: Upgrade from IP chains to IP tables

 
mjsunil
Advisor

Upgrade from IP chains to IP tables

Hi, I want to upgrade from ipchains to iptables. Is there any tool or an easy way to move all the rules from ipchains to iptables?
Alexander Chuzhoy
Honored Contributor

Re: Upgrade from IP chains to IP tables

What version of Linux do you use?
Generally:
rpm -Uvh iptables-version to install the package of iptables
then
chkconfig ipchains off
chkconfig --del ipchains
to stop using ipchains
chkconfig --add iptables
chkconfig iptables on
to start using iptables
Stuart Browne
Honored Contributor

Re: Upgrade from IP chains to IP tables

The hardest part about converting from IPChains to IPTables is the translating of the rules.

For the most part, the commands are similar.

Differences lie in the names of the chains (INPUT instead of input, etc.), the way masquerading/NAT work, the fact that there are different tables to put rules in, and that the flow of traffic is slightly different.

Some fundamentals to get you going:

http://www.netfilter.org/documentation/

The HOWTOs here are brilliant.

Basic things to know...

The 'forward' (FORWARD in iptables) chain doesn't see everything. Just stuff which gets passed from one interface to the other.

Under IPChains, the Forward chain saw everything, including things that were destined for the firewall box. This is not the case in IPTables.

DENY isn't about any more. You want DROP.

'-m ' are your friends! The 'state' module is nearly indispensable!

If you have specific issues with rules, post 'em here, we'll give you a hand.
One long-haired git at your service...
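
The rule differences listed in the reply above (chain names, DENY to DROP, masquerading moving to the nat table, FORWARD seeing only routed traffic) can be applied mechanically to simple rules. The following is an added example, not a tool from the thread or from netfilter: the function name and sample rules are made up, and it also covers port, `-y`, `-l` and `-i` syntax changes that the thread does not list. It assumes plain rules without negation (`!`), REDIRECT or user-defined chains.

```python
import shlex

CHAINS = {"input": "INPUT", "output": "OUTPUT", "forward": "FORWARD"}

def translate(rule):
    """Translate one ipchains command; return (iptables_command, review_notes)."""
    toks = shlex.split(rule)[1:]                 # drop the leading "ipchains"
    if "!" in toks:
        raise ValueError("negated matches are not handled; translate by hand")
    head, proto, match, target, notes, chain = [], [], [], [], [], None
    while toks:
        t = toks.pop(0)
        if t in ("-A", "-I", "-D", "-P"):        # command followed by chain name
            name = toks.pop(0)
            chain = CHAINS.get(name, name)       # input -> INPUT, etc.
            head = [t, chain]
        elif t == "-p":
            proto = ["-p", toks.pop(0)]          # emitted first so port matches follow it
        elif t in ("-s", "-d"):                  # ipchains form: -s ADDR [PORT]
            match += [t, toks.pop(0)]
            if toks and not toks[0].startswith("-"):
                match += ["--sport" if t == "-s" else "--dport", toks.pop(0)]
        elif t == "-i":                          # on forward/output it named the outgoing interface
            match += ["-o" if chain in ("FORWARD", "OUTPUT") else "-i", toks.pop(0)]
        elif t == "-y":
            match.append("--syn")
        elif t == "-l":
            notes.append("-l removed: add a separate '-j LOG' rule ahead of this one")
        elif t == "-j":
            target = ["-j", toks.pop(0)]
        elif head[:1] == ["-P"] and not target:  # policy form: -P input DENY
            target = [t]
        else:
            notes.append(f"option {t!r} not translated: check by hand")
    if target and target[-1] == "DENY":
        target[-1] = "DROP"
    if target[-1:] == ["MASQ"]:
        head = ["-t", "nat", head[0], "POSTROUTING"]
        target[-1] = "MASQUERADE"
        notes.append("MASQ moved to nat/POSTROUTING: FORWARD must still allow this traffic")
    elif chain == "FORWARD":
        notes.append("FORWARD sees only routed packets: rules for the firewall itself go in INPUT")
    return " ".join(["iptables"] + head + proto + match + target), notes

if __name__ == "__main__":   # constructed sample rules, not taken from the thread
    for line in ("ipchains -P input DENY",
                 "ipchains -A input -i eth0 -p tcp -s 0/0 -d 192.0.2.1 22 -y -l -j ACCEPT",
                 "ipchains -A forward -i ppp0 -s 192.168.1.0/24 -j MASQ"):
        print(*translate(line), sep="\n  ")
```

Treat the output as a draft to review rather than a ruleset to load: the notes mark every place where the traffic flow differs between the two firewalls.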