There are several reasons why iptables is being adopted:
- The connection-tracking feature of iptables is very useful. It can be used to prevent most TCP hijackings of non-IP-masqueraded clients that suffer from poor TCP sequence number randomization, such as Windows systems, some UNIXes (notably SGI), some IBM system configurations, and many older systems. Similarly, it can be used to prevent UDP packet hijacking in the same way. This functionality can also prevent attackers from injecting spurious ICMP packets for cracking and probing.
- Packets can now be matched on MAC address, the local process's UID, Time To Live (TTL), or the rate at which a class of packets is being sent. These allow better detection and rejection of interlopers trying to inject packets or scan a system.
- Incoming packets initiating TCP connections to your organization's servers can be randomly distributed among a set of servers to spread the load. With iptables, you can also specify a text string to precede the logged message, making it much easier to figure out why a packet was logged.
- iptables has the ability to REDIRECT packets like ipchains does, but it also has a generalized DNAT feature that allows arbitrary rewriting of the destination IP address and port number. Thus you can disguise where packets for a given service actually go. This has uses everywhere from honeypots and tarpits to enforcing the use of a given proxy server for web caching.
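The following script is an added example, not part of the original text, that emits one iptables-restore ruleset exercising each feature listed above: conntrack state matching, MAC and UID matching, rate-limited logging with a prefix, random distribution of new HTTP connections across two servers via DNAT, and REDIRECT to a caching proxy. It assumes eth0 is the external interface, eth1 the LAN, the web servers live at 192.0.2.11 and 192.0.2.12, the admin workstation's MAC, the mail user's UID 8 and the proxy port 3128 are all placeholders.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset to stdout. Interface
# names, addresses, the MAC, the UID and the proxy port are assumed values.
iptables_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Connection tracking: drop anything that fits no tracked flow (spoofed
# TCP/UDP/ICMP that belongs to no real connection), then allow replies.
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# New SSH sessions only from the LAN and only from one admin workstation
# (placeholder MAC address).
-A INPUT -i eth1 -p tcp --dport 22 -m conntrack --ctstate NEW -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
# Rate-limited, prefixed logging of whatever is about to hit the DROP policy.
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-INPUT-DROP: "
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -d 192.0.2.0/24 --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Owner match: only the mail system user (assumed UID 8) may open SMTP.
-A OUTPUT -p tcp --dport 25 -m owner ! --uid-owner 8 -j REJECT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Spread new inbound HTTP connections over two servers: about half go to
# .11, the remainder fall through to .12.
-A PREROUTING -i eth0 -p tcp --dport 80 -m statistic --mode random --probability 0.5 -j DNAT --to-destination 192.0.2.11:80
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.0.2.12:80
# Force LAN web traffic through the local caching proxy (assumed port 3128).
-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

# Check syntax first, then load for real (both as root):
#   iptables_ruleset | iptables-restore --test
#   iptables_ruleset | iptables-restore
iptables_ruleset
```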