>>shorewall isn't a "real" firewall, rather a tool to help you make iptables
>>config files. Don't get me wrong though, shorewall is pretty nifty.
Okay..okay.. I stand corrected..
Real firewalls are hardware based firewalls right??
No, what Jesse meant is that Shorewall is not a firewall; it is a tool which writes iptables rules for you based on simple configuration files, so that you don't *have to* learn iptables. But the actual firewall being used is iptables (just as if you'd written the rules yourself), not Shorewall.
Hardware firewalls still run software inside them, remember. Sometimes that software is Linux, even. Just because you can't see what's inside, or because it comes in its own box, does not mean it's better. After all, I could tell you that my home firewall is a "real" firewall since it is a computer primarily dedicated to that one task: protecting my home network from outside intruders. Along the way it provides other services, such as DNS, DHCP, and NTP to the home network... but its primary task is that of a firewall. See my point?
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
