setting up nat
Arun Binaykia
arun at binaykia.com
Mon May 22 20:11:54 UTC 2006
On Tue, 2006-05-23 at 01:07 +0800, Ed Greshko wrote:
> Arun Binaykia wrote:
> > What's the big deal about shorewall. It claims to be a high level
> > firewall but as i see one still needs to know about networking,
> > interfaces,rules,zones etc.
> > If you are going to that depth why not just do iptables. It's almost the
> > same work. It seems that shorewall is just a wrapper of iptables.
>
> Yes, it is a wrapper for iptables.
>
> Yes, you need to know something about networking to use it to its full
> capabilities.
>
> But, you need not learn the semantics of iptables.
>
> > I do not intend to flame shorewall users/developers. Just trying to
> > understand.
>
> What's to understand? With the work done by the shorewall folk you need
> not learn the semantics of iptables. It also assists you in keeping the
> order straight.
So with shorewall, I dont need to learn semantics of iptables, instead i
need to learn semantics of shorewall. I am trying to understand why
would one learn shorewall when iptables does the same thing ? iptables
is the standard firewall that comes with kernel, it's not like showall
provides a snazzy gui, or even abstraction from rules.
More information about the users
mailing list