Wasn't there an ipchains ---> iptables compatibility mode?
Wasn't there an ipchains ---> iptables compatibility mode?
Posted Mar 24, 2009 18:40 UTC (Tue) by wstearns (subscriber, #4102)In reply to: Wasn't there an ipchains ---> iptables compatibility mode? by felixfix
Parent article: Nftables: a new packet filtering engine
I wrote userspace converters that respectively turned an ipfwadm firewall file into an ipchains firewall (ipfwadm2ipchains) or turned an ipchains firewall into an iptables firewall (ipchains2iptables). Neither created a perfect conversion (there are architectural differences in the firewalls that can't be perfectly converted), but both covered the majority of rules correctly.
The tools can be found at www.stearns.org/i2i/ . Like sausage, they're functional but ugly in their implementation.
-- Bill Stearns
Wasn't there an ipchains ---> iptables compatibility mode?
Posted Mar 25, 2009 1:00 UTC (Wed)
by dlang (guest, #313)
[Link] (1 responses)
Posted Mar 25, 2009 1:00 UTC (Wed) by dlang (guest, #313) [Link] (1 responses)
You are totally wrong
Posted Mar 26, 2009 7:51 UTC (Thu)
by khim (subscriber, #9252)
[Link]
Posted Mar 26, 2009 7:51 UTC (Thu) by khim (subscriber, #9252) [Link]
Google for "ipchains emulation" and you'll find tons of links to messages about problems with said in-kernel emulation. May be this is why you remember only conversion scripts? IPchains emulation was incomplete and ineffective - that's why most admins just converted scripts: it was easier to convert scripts then to fight problems in emulation. But is was there - that's for sure...