Never used Shorewall and I'm sure your testament is not misplaced, Rodolfo. But treating a firewall as a black box without understanding at least the basic principles of the netfilter/iptables framework/syntax is not my cup of tea. Using Shorewall and then studying its scripts would be a good thing, though. I'm with Kevin, who is taking a more studious approach.
Many, many people are not willing to put in the time to learn that. However, I'm glad that Kevin is... that's why I was one of the people who went through the whole exercise with him, piece by piece and detail by detail. Now that he is done, the thing works, and he understands what he is doing better than before... *now* I comment to him that I feel changing the tool used would benefit him in the future. Reasonable process, methinks.
Cheers,
--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx
http://www.simpaticus.com