Manlug meeting September 2007

15th September 2007

Shorewall -

Simon Hobson


Our speaker is Simon Hobson, who will be talking about Shorewall. Here is the outline from Simon:

From the FAQ:

What is Shorewall?

The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode; as a consequence, Shorewall can take advantage of Netfilter's connection state tracking capabilities to create a stateful firewall.

I use Shorewall on every new Linux box I set up - it's on my home gateway/server, gateways for customers, and on several servers at work. I find it sits nicely in between "easy to use but ultimately limited" GUI based firewalls like Smoothwall, and the out and out hardcore geek approach of directly driving iptables.