Re: setting up nat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-05-22 at 15:11 -0500, Arun Binaykia wrote:
> On Tue, 2006-05-23 at 01:07 +0800, Ed Greshko wrote:
> > Arun Binaykia wrote:
> > > What's the big deal about shorewall. It claims to be a high level
> > > firewall but as i see one still needs to know about networking,
> > > interfaces,rules,zones etc. 
> > > If you are going to that depth why not just do iptables. It's almost the
> > > same work. It seems that shorewall is just a wrapper of iptables.
> > 
> > Yes, it is a wrapper for iptables.
> > 
> > Yes, you need to know something about networking to use it to its full
> > capabilities.
> > 
> > But, you need not learn the semantics of iptables.
> > 
> > > I do not intend to flame shorewall users/developers. Just trying to
> > > understand. 
> > 
> > What's to understand?  With the work done by the shorewall folk you need
> > not learn the semantics of iptables.  It also assists you in keeping the
> > order straight.
> 
> So with shorewall, I dont need to learn semantics of iptables, instead i
> need to learn semantics of shorewall. I am trying to understand why
> would one learn shorewall when iptables does the same thing ? iptables
> is the standard firewall that comes with kernel, it's not like showall
> provides a snazzy gui, or even abstraction from rules.

Starting from a point at which you know neither iptables nor shorewall,
shorewall is *much* quicker and easier. It also builds in a lot of
expert knowledge about how to configure firewalls and will solve some
problems you didn't even know existed without you having to worry about
them.

Disclaimer: I am a very satisfied shorewall user.

Paul.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux