<br /> Ipfwadm and ipchains: is upgrade from slink safe ? – Debian Planet

Welcome to Debian Planet

News for Debian. Stuff that *really* matters


Debian Planet is hosted by Bluelinux Internet Services Ltd. Offering a special discounted rate for Free and Open Source software community members.

Buy your Debian merchandise at DebianShop.com.

These are important Debian sites one should not be without!

  • Official Debian site
  • Package search
  • Mailing list archives
  • Bug reports
  • Debian on CD
  • Debian Weekly News — excellent news source!
  • Unofficial APT sources

  • Developers’ Corner
  • Community
    Need help? You’re not alone on this planet.

  • Planet Debian
  • debianHELP
    (User support site)

  • Debian Administration
    (SysAdmin resources)

  • Debian International
  • DebianForum.de

  • DebianForum.dk

  • EsDebian

  • DebianWorld

  • Debian-Fr

  • MaximumDebian

  • DebianItalia
  • DebianUsers

  • Debian-BR

  • DebianHOWTO

  • Russian Debian (Русский)
  • Debian-JP
  • Debian Suisse
  • Contribute
    Got that latest or greatest scoop? Perhaps you have some important news for the Debian community? Submit a news item!

    Or perhaps you’ve written a rather ground breaking insight into some aspect of Debian and you feel compelled to share it with others? Knock up a longer editorial article and send it to the editors.

    General feedback should be sent to staff@debianplanet.org

    The place to get help on a Debian problem (after reading docs) or to just chat and chill is #debian on irc.oftc.net.

    Many of the Debian Planet staff live there so pop by and say hello.

    Debian Planet also has its own channel on the same network called #debianplanet.


    Ipfwadm and ipchains: is upgrade from slink safe ?
    Submitted by Anonymous on Wednesday, November 08, 2000 – 20:17
    “I am running a slink production server which does ipmasquerading and firewalling.
    I’d like to know if upgrading to potato will
    break things or if the rules will be converted to ipchains’ format.
    Being a Debian fan, I think the upgrade will be ok, but anyway, are there known issues ?”
    It seems that ipchains provides backwards compatibility with ipfwadm, but it’s still an interresting question. As a development – how are people finding iptables in the 2.4.x kernels. 2.4.0 can’t be all that far away and we have another firewall system to nail down.

    Any pointers to good guides on upgrading firewalls?


    Control panel

    Comment viewing options:

    Select your prefered way to display the comments and click ‘Update settings’ to activate your changes.

    Subject: Re: Ipfwadm and ipchains: is upgrade from slink safe ?
    Author: juhtolv
    Date: Thursday, 2000/11/09 – 21:34
    I have had practically same firewall-script from the days of kernel-series 2.0.*. When I switched to 2.2.*-kernels, I took that old firewall-script, changed every ipfwadm to $TOOL. Then I added this text to the beginning of that script:

    if [ -f /proc/net/ip_fwchains ]; then
    elif [ -f /proc/net/ip_input ]; then
    echo It seems, that there is no firewall-support at all in your kernel, dork!
    Exiting… 1>&2
    exit 1

    And It Works For Me(TM), but YMMV

    [ Please login, or register ]

    Subject: Re: Ipfwadm and ipchains: is upgrade from slink safe ?
    Author: alex
    Date: Thursday, 2000/11/09 – 07:46
    In my experience no, the ipfwadm rules were not handled well by the ipchains wrapper in potato.

    How many ipfwadm rules do you have? It isn’t hard to convert them to ipchains by hand if you don’t have many. Try http://snafu.freedom.org/linux2.2/ for docs.

    Of course if you can stay with your old 2.0 kernel, you don’t need to change the rules at all, the ipfwadm rules will keep working. Also, the good news about 2.4, if you consider using that, is that although it has a new system again (iptables?) it also allows you to load ipchains or ipfwadm kernel modules. Again, you could load the appropriate module and you don’t have to change your rules at all.

    [ Please login, or register ]

    Search articles

    ·News (406)
    ·Features (5)
    ·Site News (16)
    ·HOWTOs (79)
    ·Tips (21)
    ·Opinion (29)
    ·Q & A (35)
    ·Sponsorship (1)
    ·Press Releases (5)

    Log in


    Remember me

    » Register
    » New password

    Debian Security Announcements
    DSA-943 perl
    DSA-942 albatross
    DSA-903 unzip
    DSA-941 tuxpaint
    DSA-940 gpdf
    DSA-939 fetchmail
    DSA-938 koffice
    DSA-937 tetex-bin
    DSA-936 libextractor
    DSA-935 libapache2-mod-auth-pgsql

    Planet Debian
    Wouter Verhelst: On flames.
    Joachim Breitner: Fixing my planet.debian.org subscription
    Steve Kemp: She has the blood of reptile just underneath her skin
    Pierre Habouzit: Married …
    Pierre Habouzit: whitelister 0.4 (SPF) and aaege ….
    Pierre Habouzit: kde 3.4.1 upload
    Holger Levsen: In case you are running OpenWRT
    Michael Janssen: Shiny roofs are good for the environment!
    Matthew Palmer: Work it out yourself, dammit!
    Axel Beckert: Tell me which music you like and I tell who you are

    Debian Administration
    How do I prevent rebuilt packages from being upgraded?
    Disabling the print-screen key inside X?
    Monitoring your bandwidth usage with vnstat
    Ruby on Rails on Debian
    Choice for Virtual Private Servers?
    Monitoring your hardware’s temperature
    Sending mail with Exim from ‘dialup’ IP
    How to recover GRUB Debian Sarge after reinstalling Windows
    Getting a GUI
    Spam filtering with Pyzor and SpamBayes

    Latest poll: Which release scheme should Debian follow?
    Continue this way (release when ready)
    Give up on releasing
    Split the release up
    Speed the release up
    Crank the workload up (see DebianWiki ReleaseProposals for details on these)

    Total votes: 372
    0 comments · older polls

    home · archives · news feeds · about · polls · search · sections · user account

    Powered by the amazing Drupal

    Debian Planet is not officially related to the Debian Project.
    Debian and the Debian logo are trademarks of Software in the Public Interest, Inc.