Backward Compatibility

Yes, that's what I said—you can have your cake and even decorate it the way you want to. Rusty Russell, the Netfilter author, heard your pleas. A number of you who are still running 2.0.38 (because it was easier to stick with the old kernel and ipfwadm than it was to move to 2.2.x and learn ipchains) can stay with what you have. This also goes for the 2.2.17 folks and their ipchains rules.

That being said, not all the ipchains rules will work transparently via the ipchains Netfilter module. So, if some of you upgrade, you will have to learn the new rules sooner rather than later. But don't fret—you'll get a sane, simplified view today in this article and over the next few days. In fact, I'm excited about this because I personally think it's been done right this time.

I also need to warn you about one teensie, weensie little "gotcha." The instant you load the ipchains or ipfwadm modules, you can't load any other Netfilter modules, so you can't run your ipchains rules mixed with iptables rules.

