a. useful in network environment from security and practical

a.       According
to Ellingwood (2014), IPTables is a
standard firewall used in most Linux distributions. IPTables is
implemented as a set of layers on top of the kernel – level Netfilter framework
that allows callback functions attached to network events. Moreover, IPTables command prefers to
operate rules for those tables governing IPv4 traffic. 

In addition, IPTables functions by comparing network
traffic with following set of rules

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

1.      Define
characteristics for packet

2.      Establish
and determine packet

3.      Target
Action: Accept of Drop

4.      Form
chain (if needed)

(n.d.) listed some of the pros to employ firewall with IPTables:

Ø  Build internet firewalls
based on stateless and stateful packet filtering

Ø  Deploy highly available
stateless and stateful firewall clusters

Ø  In case of inadequate
public IP address, use NAT and masquerading for sharing internet access

Ø  Utilize NAT to implement
transparent proxies

Ø  Assist the TC and
IProute2 systems helpful to build sophisticated QoS and policy routers

Ø  Packet manipulation like
altering the TOS/DSCP/ECN bits of the IP header

Likewise, IPTables have
many features that make them useful in network environment from security and
practical viewpoint. Two different authors Stephens (2004) and Narula (2004)
explained IPTables features in their respective article. Connection tracking
feature was based on Stephens (2004) and Packet Marking on Narula (2004)

Connection Tracking: 

information based on source and destination IP address, ports, protocols, and

and eliminate reject intruders to inject packets or scan a system

Packet Marking

Create a
sophisticated policy based routine scheme based on combination with the Linux
iproute2 package

However, IPTables is
followed by many disadvantages as well. Below are listed some disadvantages
stated (Problems of IPTables,

1.      Problems loading modules as it
might either have been already loaded or requires to be statically assembled
into the kernel

2.      NEW IPTables command allows packets
with SYN bit unset, enter user’s firewall resulting to establishment of two or
more firewall.

3.      Certain TCP spoofing attackers use
Sequence Number Prediction to attack and predict other’s IP address

4.      Use of mIRC setting and IPTables
together, would leads for DCC connections error and firewall impede

Bellovin &
Cheswick (n.d.) enlightened the importance of Circuit Relay Firewall which is
as follows:

Access control
mechanism to ensure only one external host could connect to the gateway

Register number
of bytes and the TCP destination.

secrecy to private network.

Warm the users
on access from external unauthorized site

Aid internal
users access external connectivity through TCP service an outgoing proxy

Furthermore, few strategies have been presented in
securing communication based on SOCK package:

The client
programs must be modified to create a virtual circuit of proxy process

Continuation of
the circuit to allow secure passage through the filters

Actual destination
and source address must be sent in-line.