It may be OK but you will severely limit what you can do. If your security environment is simple, that will be fine. If it is not, user defined chains are a real blessing. We use them extensively in the ISCS project (http://iscs.sourceforge.net) to handle very complicated and frequently changing security configurations. In fact, they are the entire key to our access control magic and much of our automated NAT configuration.Hi, If I want to design a firewall for a network on a high end machine with lot of RAM and swap, is there any real use of user defined chains? I find them difficult so I would like to use only the built-in chains. Is that ok?
With warm regards, -Payal
Again, unless your environment is very simple, it is probably well worth your time to become very familiar with user defined chains. Oskar Andreasson has an excellent tutorial in the tutorials section of http://www.netfilter.org and there are training slide shows in the training section on the ISCS web page. Good luck - John
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
