Classnotes | UNIX03 | RecentChanges | Preferences Showing revision 1 IP Tables has many advantages over IP Chains. I would say that in most circumstances, you will want to use it instead of IP Chains, if for no other reason then because it will be better supported. However, there are some disadvantages that you should be aware of. Let's examine both the advantages and disadvantages.
Advantages
The connection-tracking feature of IP Table is a very useful thing. It can be used to prevent most TCP hijackings for non-IP Masqueraded clients that suffer from poor TCP sequence number randomization, such as Windows systems, some UNIXes (notably SGI), some IBM system configurations, and many older systems. Similarily, it can be used to prevent UDP packet hijacking in the same way. This functionality can also prevent attackers from injecting spurious ICMP packets for cracking and probing.
