
My dislike of iptables.

Yes, iptables is extremely powerful. According to some, Linux with iptables is even faster than BSD with PF.

Who cares. Writing iptables rules is a pain. BSD’s packet filter is much easier, and simply more logical. Like the -d operator of iptables: yes, it is the destination. The destination marked in the IP packet header, not where you want your packet to go.

Of course, a lot of the problem is NAT in the first place…
