On Thursday 12 February 2004 01:32 pm, Ray Anderson wrote:
> Is any one better than the other?
>
> I'm currently running a RedHat box that's soon to be replaced with a
> Mandrake machine. Of course I threw out the Shorewall stuff in favor of
> manually implementing the same Iptables ruleset(s) that I have for the RH
> machine. Who wouldn't? :-)

Actually, I recommend against using the Mandrake Shorewall two-interface
configuration.

a) it matches my documentation enough that cutting and pasting from the
documentation doesn't produce errors; but

b) it is different enough that such cutting and pasting doesn't produce
the desired results.

>
> Does Shorewall give any more protection or is it a simply complicated
> front-end to iptables?

My opinion is far from unbiased but here goes.

Shorewall is a high-level tool for configuring netfilter. It uses the
iptables utility to do so. As a result, it cannot offer any more protection
than the iptables utility used alone can provide.

As for being complicated, if you already understand iptables then Shorewall
would be something else to learn. If you don't, then most people find
Shorewall easier to learn. I definitely believe it to be easier to set up
complex router/firewall configurations using Shorewall than it is using
iptables directly unless you have spent a long time developing your own very
flexible firewall/router framework (in other words, your own Shorewall-like
facility).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@xxxxxxxxxxxxx