I'd asked others but the answers were conflicted...

As "stateful packet inspection" seems to be developed by checkpoint ? If so, is the linux implementation really "stateful" ?

If yes, then can iptables/netfilter be used as a replacement for checkpoint firewalls ? like samba for NT servers ?

many thanks

The answer is YES!!!!

visit www.netfilter.org and its documentation section to see a lot of positive press and proof about iptables' stateful-ness.

hello friends,


I want to create a firewall in linux and currently i am using

iptables but what is happening it wont allow large number of packets to be passed from it , the pc got hanged . if i use a packet generator tool and use it to my target pc having the fiirewall the pc got hanged.

so i am confused now what to do , is there any low level implementation of iptables like tool so that i can use it in my firewall .

i have also heard of stateful inspection but will it solve my
problem...


waiting eagerly for the reply.

have a nice time and thanx for yr reading.
good day
om shanti.

netfilter/iptables is a stateful packet-filtering firewall... any firewall that can "understand" what NEW, ESTABLISHED, and RELATED packets are is stateful...

what do you mean by "large number of packets"?? how much traffic are we talking about??

what do you mean by "the pc got hanged"??

post your iptables script here so someone can look at it and tell you if they see anything wrong with it...

iptables is used to configure netfilter, which works with the linux kernel, so i'm not sure what you mean when you ask for something "low level"...

if you answer these questions it'll be easier for someone to help you... you haven't given much info to work with so far... the more info you can provide about your setup and your situation, the better...

good luck...