On Mon, 2007-12-24 at 00:25 +0000, Timothy Murphy wrote:
On Sunday 23 December 2007 10:27:22 pm Miles Brennan wrote:
The shorewall package is an application designed to assist users in configuring iptables, in fact the structure of the files from what I have seen, mimic the iptables scripts to some extent.
Exactly. I found it quite difficult to set up iptables directly (this was before I read your HOWTO!) and more importantly I had no confidence that my iptables gave me reasonable security.
I'm not sure, as I said earlier, to what extent shorewall has become the standard way of setting up iptables. But I certainly think, if you are lazy like me, that it saves a lot of brain cells.
To whatever extent is possible, it would be good if the HOWTO used system-config-firewall, since that's the new and future tool. If you find places where s-c-fw falls short, you could file an enhancement bug or two. :-) Shorewall is in the repositories too, so you're good to go there.