The Brennan Home Server HOWTO

Timothy Murphy gayleard at
Sat Dec 22 11:57:22 UTC 2007

On Saturday 22 December 2007 05:21:14 am Miles Brennan wrote:

> > 2. Does one have to understand IPtables any more (chapter 6)?
> > I use shorewall, which seems to me to make this bit of life much easier.
> > Am I right in thinking shorewall is more or less the default Fedora
> > firewall nowadays?
> Shorewall is a graphical tool for configuring iptables (Netfilter) and
> is similar to Firestarter. Chapter 6 is constructed to "walk" a new user
> through the complexities of iptables and Linux firewalls, so they have
> an understanding of what happens at the "packet" level. Shorewall is a
> higher level GUI that configures iptables with mouse clicks.

I take your other points.
But shorewall, at least as I use it, is not graphical at all.
It provides 2 or 3 recipes - I use "two-interfaces" -
and then it is easy to open any further ports with something like
	SSH/ACCEPT      loc             $FW
	HTTP/ACCEPT     loc             $FW
in the "rules" file.
(These use macro.SSH, macro.HTTP in /usr/share/shorewall .
There are 20-30 macros for all conceivable services.)

