The Brennan Home Server HOWTO

Miles Brennan miles at brennan.id.au
Sun Dec 23 22:27:22 UTC 2007



Timothy Murphy wrote:
> On Saturday 22 December 2007 05:21:14 am Miles Brennan wrote:
> 
>>> 2. Does one have to understand IPtables any more (chapter 6)?
>>> I use shorewall, which seems to me to make this bit of life much easier.
>>> Am I right in thinking shorewall is more or less the default Fedora
>>> firewall nowadays?
>> Shorewall is a graphical tool for configuring iptables (Netfilter) and
>> is similar to Firestarter. Chapter 6 is constructed to "walk" a new user
>> through the complexities of iptables and Linux firewalls, so they have
>> an understanding of what happens at the "packet" level. Shorewall is a
>> higher level GUI that configures iptables with mouse clicks.
> 
> I take your other points.
> But shorewall, at least as I use it, is not graphical at all.
> It provides 2 or 3 recipes - I use "two-interfaces" -
> and then it is easy to open any further ports with something like
> 	SSH/ACCEPT      loc             $FW
> 	HTTP/ACCEPT     loc             $FW
> in the "rules" file.
> (These use macro.SSH, macro.HTTP in /usr/share/shorewall .
> There are 20-30 macros for all conceivable services.)
>

The shorewall package is an application designed to assist users in
configuring iptables; in fact the structure of the files, from what I
have seen, mimics the iptables scripts to some extent.

At the end of the day however, if shorewall makes life easier for a home
user to establish a secure firewall, then there's no reason not to add it.

It could be added as an extra chapter, or better suited at the end of
the iptables chapter itself.

Cheers,
Miles
