On Saturday 22 December 2007 05:21:14 am Miles Brennan wrote:
> > - Does one have to understand IPtables any more (chapter 6)?
> > I use shorewall, which seems to me to make this bit of life much easier. Am I right in thinking shorewall is more or less the default Fedora firewall nowadays?
>
> Shorewall is a graphical tool for configuring iptables (Netfilter) and is similar to Firestarter. Chapter 6 is constructed to "walk" a new user through the complexities of iptables and Linux firewalls, so they have an understanding of what happens at the "packet" level. Shorewall is a higher level GUI that configures iptables with mouse clicks.

I take your other points. But shorewall, at least as I use it, is not graphical at all. It provides 2 or 3 recipes - I use "two-interfaces" - and then it is easy to open any further ports with something like

    SSH/ACCEPT loc $FW
    HTTP/ACCEPT loc $FW

in the "rules" file. (These use macro.SSH, macro.HTTP in /usr/share/shorewall. There are 20-30 macros for all conceivable services.)