Arun Binaykia wrote: > What's the big deal about shorewall. It claims to be a high level > firewall but as i see one still needs to know about networking, > interfaces,rules,zones etc. > If you are going to that depth why not just do iptables. It's almost the > same work. It seems that shorewall is just a wrapper of iptables. Yes, it is a wrapper for iptables. Yes, you need to know something about networking to use it to its full capabilities. But, you need not learn the semantics of iptables. > I do not intend to flame shorewall users/developers. Just trying to > understand. What's to understand? With the work done by the shorewall folk you need not learn the semantics of iptables. It also assists you in keeping the order straight.