My dislike of iptables.

Written by vidarlo on 20070627 in english and rants and software with no comments.

Yes, iptables is extremely powerful. According to some, Linux with iptables is even faster than BSD with PF.

Who cares. Writing iptables rules is a pain. BSD’s packet filter is much easier, and simply more logical. Like the -d operator of iptables: yes, it is the destination. The destination marked in the IP packet header, not where you want your packet to go.

Of course, a lot of the problem is NAT in the first place…
