Iptables vs. Cisco PIX

Moritz Gartenmeister moritz.gartenmeister at access.unizh.ch
Wed Apr 13 12:33:20 CEST 2005


i'm using a pix at my border. i'm using it for NAT (as it is built for this) and for simple access 
control. behind the pix i run iptables for logging, shaping, filtering etc...

i would recommend cisco, if you need support, high availability, but no nice features.

if you need extra features as shaping, logging, scripting etc, then i would recommend iptables. you 
can do much more with iptables, but this brings up some problems (as compatibility, dependencies 
etc.), but if you are not happy with one feature, you can change it ;-)

