On Tue, 2006-05-23 at 01:07 +0800, Ed Greshko wrote:
> Arun Binaykia wrote:
> > What's the big deal about shorewall? It claims to be a high level
> > firewall but as I see one still needs to know about networking,
> > interfaces, rules, zones etc.
> > If you are going to that depth why not just do iptables? It's almost the
> > same work. It seems that shorewall is just a wrapper of iptables.
>
> Yes, it is a wrapper for iptables.
>
> Yes, you need to know something about networking to use it to its full
> capabilities.
>
> But, you need not learn the semantics of iptables.
>
> > I do not intend to flame shorewall users/developers. Just trying to
> > understand.
>
> What's to understand? With the work done by the shorewall folk you need
> not learn the semantics of iptables. It also assists you in keeping the
> order straight.

So with shorewall, I don't need to learn the semantics of iptables; instead I need to learn the semantics of shorewall. I am trying to understand why one would learn shorewall when iptables does the same thing. iptables is the standard firewall that comes with the kernel; it's not like shorewall provides a snazzy GUI, or even abstraction from rules.