[rescue] RFA: firewall

Jonathan C. Patschke jp at celestrion.net
Mon Jan 10 10:01:29 CST 2005

On Mon, 10 Jan 2005, Patrick Finnegan wrote:

> You should try using iptables-save and iptables-restore; it's much
> easier (and probably more readable).

Uh, no.

It's still the same prerouting/postrouting dnat/snat target/jump crap.
iptables is a fundamentally different way of expressing routing rules
from pf/ipf, and it's not a particularly sensible one.  At least it's
better than the crapola that the PIX uses.

