Re: stateful inspection firewall

From: Cedric Blancher (
Date: 10/27/03

Date: Mon, 27 Oct 2003 17:12:09 +0100

In his prose, Dario wrote to us:
> Does anybody know if the IPTables firewalling subsystem is a real stateful
> inspection one, like OpenBSD Packet Filter or Cisco PIX, or it is just a
> connection tracking firewall which just checks for connection ports and IP
> addresses?

Netfilter does not track the TCP window as pf does. However, you can add this
feature using a patch distributed with iptables patch-o-matic.

> Is there somewhere available a recent and updated comparison in
> performance and features between IPTables and Packet Filter?

Dunno, but very interested ;)

