On Mon, 2006-05-22 at 15:11 -0500, Arun Binaykia wrote:
> On Tue, 2006-05-23 at 01:07 +0800, Ed Greshko wrote:
> > Arun Binaykia wrote:
> > > What's the big deal about shorewall. It claims to be a high level
> > > firewall but as I see one still needs to know about networking,
> > > interfaces, rules, zones etc.
> > > If you are going to that depth why not just do iptables. It's almost the
> > > same work. It seems that shorewall is just a wrapper of iptables.
> >
> > Yes, it is a wrapper for iptables.
> >
> > Yes, you need to know something about networking to use it to its full
> > capabilities.
> >
> > But, you need not learn the semantics of iptables.
> >
> > > I do not intend to flame shorewall users/developers. Just trying to
> > > understand.
> >
> > What's to understand? With the work done by the shorewall folk you need
> > not learn the semantics of iptables. It also assists you in keeping the
> > order straight.
>
> So with shorewall, I don't need to learn semantics of iptables, instead I
> need to learn semantics of shorewall. I am trying to understand why
> would one learn shorewall when iptables does the same thing? iptables
> is the standard firewall that comes with kernel, it's not like shorewall
> provides a snazzy gui, or even abstraction from rules.

Starting from a point at which you know neither iptables nor shorewall,
shorewall is *much* quicker and easier. It also builds in a lot of expert
knowledge about how to configure firewalls and will solve some problems you
didn't even know existed without you having to worry about them.

Disclaimer: I am a very satisfied shorewall user.

Paul.