- Shorewall
Shorewall (more appropriately the Shoreline Firewall) is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes.
Using an analogy understandable to programmers: Shorewall is to iptables what C is to assembly language. It provides a higher level of abstraction for describing rules using text files.
Configuration
It is not a daemon since it does not run continuously, but rather configures rules in the kernel that allow and disallow traffic through the system. Shorewall is configured through a group of plain-text configuration files and does not have a graphical user interface, though a Webmin module is available separately. A monitoring utility packaged with Shorewall can be used to watch the status of the system as it operates and assist in testing.
Use
Shorewall is mainly used in network installations (as opposed to a personal computer firewall), since most of its strength lies in its ability to work with "zones", such as the DMZ or a 'net' zone. Each zone would then have different rules, making it easy to have, for example, relaxed rules on the company intranet, yet clamp down on traffic coming in from the internet.
The plain-text configuration files are usually well-commented and easy to use, though Shorewall may be more difficult for new users to handle than other firewall systems with graphical front-ends.
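As an added illustration (not part of the original article and not Shorewall's own code), the sketch below reads a constructed sample in the column layout of Shorewall's `policy` file and resolves the default policy between two zones, where the first matching line wins. It also flags lines that can never apply because an earlier, broader line covers them. The zone names, sample lines and function names are assumptions made for the example.

```python
# Added illustration, not Shorewall code. Sample data below is constructed.
POLICY_FILE = """\
#SOURCE  DEST  POLICY  LOG LEVEL
loc      net   ACCEPT
loc      dmz   ACCEPT
dmz      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""
ZONES = {"fw", "net", "loc", "dmz"}  # assumed zone names for this example


def parse_policy(text, zones=ZONES):
    """Return [(source, dest, policy, log_level)] in file order."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split columns
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: need SOURCE DEST POLICY")
        src, dst, policy = fields[:3]
        for zone in (src, dst):
            if zone != "all" and zone not in zones:
                raise ValueError(f"line {lineno}: unknown zone {zone!r}")
        log = fields[3] if len(fields) > 3 and fields[3] != "-" else None
        entries.append((src, dst, policy, log))
    return entries


def default_policy(entries, src, dst):
    """First matching line wins; 'all' matches any zone."""
    for e_src, e_dst, policy, log in entries:
        if e_src in (src, "all") and e_dst in (dst, "all"):
            return policy, log
    raise LookupError(f"no policy line covers {src} -> {dst}")


def shadowed(entries):
    """Lines that can never apply because an earlier line already covers them."""
    dead = []
    for i, (src, dst, *_rest) in enumerate(entries):
        for p_src, p_dst, *_ in entries[:i]:
            if p_src in (src, "all") and p_dst in (dst, "all"):
                dead.append((src, dst))
                break
    return dead


if __name__ == "__main__":
    table = parse_policy(POLICY_FILE)
    for pair in [("loc", "net"), ("net", "loc"), ("dmz", "loc")]:
        print(pair, default_policy(table, *pair))
    print("shadowed:", shadowed(table))
```

Running `shadowed` over a policy table before loading it is a quick way to catch a restrictive line that was placed after a catch-all and therefore has no effect.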
Current Version
The most recent stable version is 4.0.12. Starting with version 4, Shorewall also uses a Perl-based compiler frontend; previously it used only a shell-based compiler frontend.
External links
* [http://shorewall.net Shorewall Homepage]
Wikimedia Foundation. 2010.