Hmmm... Actually, echoWall and ShoreWall seem as though they would both benefit from 
aspects of each other.  For instance, if ShoreWall is sufficiently modular, it would 
be easy for Scott to create ShoreWall modules for all of the standard applications 
echoWall is set up for.

This would, to me anyway, create a best-of-both-worlds setup, so beginning users could 
enable the applications they wanted, as in echoWall, and advanced users could add on 
to these with DMZs, tunnelling, accounting, and other things many users wouldn't need.

As soon as I get a home and get a connection (living with the in-laws at the moment, 
and dialing in... it's killing me!) I plan on testing both echoWall and ShoreWall with 
my setup.  But, as (I think, anyway) should happen much more in the open source world, 
authors of like-minded apps should get together and work with each other instead of 
reinventing the wheel.

Wyatt

> 
> On Sunday 06 January 2002 10:15 pm, Scott C. Best wrote:
> 
> >
> >     Hope that answers your question! I'd be interested in
> > hearing what the other package providers think about the
> > "target user" thing.
> >
> 
> Neither Seawall nor Shorewall are specifically targeted at LEAF/LRP users 
> since both run on most Linux distributions.
> 
> Seawall grew without any firm ideas about what it should (and should not) be. 
> I built the original Seawall scripts because I needed a firewall for my own 
> home office and made them available to others who had similar requirements. 
> 
> At its core, Seawall is a masquerading gateway and it works poorly (or not at 
> all) if you try to make it do something different. If I had to define a 
> target user for Seawall today, it would be a beginning to intermediate Linux 
> user with a single (static or dynamic) network IP address and who for one 
> reason or another, cannot move to a 2.4 kernel.
> 
> With Shorewall (which only runs on 2.4 kernels), I have attempted to provide 
> a very flexible firewall framework at the expense of making it more difficult 
> for newbies to use. This approach was prompted by my frustration about all of 
> the things that Seawall can't do well. With Shorewall, I really don't have a 
> target user in mind -- I've tried to make it handle all of the various 
> (reasonable) requirements that I've seen since getting involved with 
> firewalls.
> 
> To address the needs of the newbie, I have recently added parameterized 
> sample configurations for one-, two- and three-interface setups. With these, 
> the user replaces some of the Shorewall configuration files with files from 
> the appropriate sample then edits /etc/shorewall/params to match their 
> configuration. This makes it simple to set up simple configurations and 
> follows the design principle that "it must be simple to do simple things".
> 
> I think that the idea of having a generalized firewall engine with add-ons 
> that provide different classes of users with different levels of abstraction 
> is a good one. It allows the advanced user to use the engine directly while 
> hiding the details from those users who don't need or want to know them. The 
> next step along this path is a Shorewall GUI that I'm currently working on.
> 
> -Tom
> -- 
> Tom Eastep    \ A Firewall for Linux 2.4.*
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ [EMAIL PROTECTED]
> -------------------------------------------



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
