Timothy Murphy wrote:
On Saturday 22 December 2007 05:21:14 am Miles Brennan wrote:
>> 2. Does one have to understand IPtables any more (chapter 6)?
>> I use shorewall, which seems to me to make this bit of life much easier.
>> Am I right in thinking shorewall is more or less the default Fedora
>> firewall nowadays?
> Shorewall is a graphical tool for configuring iptables (Netfilter) and
> is similar to Firestarter. Chapter 6 is constructed to "walk" a new user
> through the complexities of iptables and Linux firewalls, so they have
> an understanding of what happens at the "packet" level. Shorewall is a
> higher level GUI that configures iptables with mouse clicks.
I take your other points.
But shorewall, at least as I use it, is not graphical at all.
It provides 2 or 3 recipes - I use "two-interfaces" -
and then it is easy to open any further ports with something like
    SSH/ACCEPT loc $FW
    HTTP/ACCEPT loc $FW
in the "rules" file.
(These use macro.SSH, macro.HTTP in /usr/share/shorewall.
There are 20-30 macros for all conceivable services.)
The shorewall package is an application designed to assist users in
configuring iptables; in fact, the structure of the files, from what I
have seen, mimics the iptables scripts to some extent.
At the end of the day, however, if shorewall makes life easier for a home
user to establish a secure firewall, then there's no reason not to add it.
It could be added as an extra chapter, or better suited at the end of
the iptables chapter itself.