iptables as a replacement for commercial enterprise firewalls

Posted by: Anonymous [ip:] on December 15, 2007 01:42 AM
iptables makes it easy to deploy simple or complex rules quickly via some scripts. We have a home-brewed system where all I have to do is touch a certain file and a script dynamically writes the correct firewall for the box. With the logging, we can blacklist an IP or network in seconds across our whole network, worldwide. The NATting is pretty simple, which I like. You can also get some modules for it to extend it even further. The iptables interface lends itself to scripting, or there are plenty of cool Perl mods to help. When you have a large distributed network, who wants to deal with thousands of firewalls in a GUI, or maintain all those overly complicated config files? You can't even do this with Windows unless you used weak-ass IPSEC. iptables is truly a tribute to Linux and is one of the many things that make Linux great.
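
A sketch of the kind of generator the comment describes, as an added example that is not part of the comment and not the poster's system: a script renders an `iptables-restore` ruleset from marker files plus a shared blacklist, validating each blacklist entry before it reaches a rule. The marker names (`ssh`, `web`), the file layout and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: render an iptables-restore ruleset from marker files and a blacklist.
# Marker names and file layout are hypothetical; sample addresses are constructed.

valid_cidr() {
    # Accept only dotted-quad IPv4 with an optional /0-32 prefix, so a blacklist
    # line can never smuggle extra iptables options into the generated ruleset.
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    old_ifs=$IFS; IFS=.
    set -- ${1%/*}              # split the address part into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

render_ruleset() {
    role_dir=$1; blacklist=$2
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Blacklist rules go first so a blocked source never reaches a service rule.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$blacklist" |
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        if valid_cidr "$entry"; then
            printf '%s\n' "-A INPUT -s $entry -j DROP"
        else
            printf 'skipped invalid blacklist entry: %s\n' "$entry" >&2
        fi
    done
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    # "Touching a file" selects a role: each marker present opens that service.
    if [ -e "$role_dir/ssh" ]; then printf '%s\n' '-A INPUT -p tcp --dport 22 -j ACCEPT'; fi
    if [ -e "$role_dir/web" ]; then
        printf '%s\n' '-A INPUT -p tcp --dport 80 -j ACCEPT' '-A INPUT -p tcp --dport 443 -j ACCEPT'
    fi
    printf '%s\n' 'COMMIT'
}

demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/roles"; : > "$tmp/roles/web"      # constructed: this box is a web server
    printf '%s\n' '203.0.113.7   # constructed: single host' '198.51.100.0/24' \
        '10.0.0.999' '192.0.2.1 -j ACCEPT' > "$tmp/blacklist"
    render_ruleset "$tmp/roles" "$tmp/blacklist"
    rm -rf "$tmp"
}

demo
```

Piping the generated text through `iptables-restore --test` checks that it parses before it is loaded on a box.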


