The Brennan Home Server HOWTO
miles at brennan.id.au
Sun Dec 23 22:27:22 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Timothy Murphy wrote:
> On Saturday 22 December 2007 05:21:14 am Miles Brennan wrote:
>>> 2. Does one have to understand IPtables any more (chapter 6)?
>>> I use shorewall, which seems to me to make this bit of life much easier.
>>> Am I right in thinking shorewall is more or less the default Fedora
>>> firewall nowadays?
>> Shorewall is a graphical tool for configuring iptables (Netfilter) and
>> is similar to Firestarter. Chapter 6 is constructed to "walk" a new user
>> through the complexities of iptables and Linux firewalls, so they have
>> an understanding of what happens at the "packet" level. Shorewall is a
>> higher level GUI that configures iptables with mouse clicks.
> I take your other points.
> But shorewall, at least as I use it, is not graphical at all.
> It provides 2 or 3 recipes - I use "two-interfaces" -
> and then it is easy to open any further ports with something like
> SSH/ACCEPT loc $FW
> HTTP/ACCEPT loc $FW
> in the "rules" file.
> (These use macro.SSH, macro,HTTP in /usr/share/shorewall .
> There are 20-30 macros for all conceivable services.)
The shorewall package is an application designed to assist users in
configuring iptables, in fact the structure of the files from what I
have seen, mimic the iptables scripts to some extent.
At the end of the day however, if shorewall makes live easier for a home
user to establish a secure firewall, then theres no reason not to add it.
It could be added as an extra chapter, or better suited at the end of
the iptables chapter itself.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the docs