Karsten Bräckelmann wrote: > On Sat, 2008-11-29 at 18:21 -0500, Tom Allison wrote: >> Karsten Bräckelmann wrote: >>> On Thu, 2008-11-27 at 15:27 +0100, Christian Vieser wrote: > >>> To put it in other words: Isn't the shorewall configuration sufficient >>> to get a picture of allowed traffic? > >> I think he's looking for an independent third part. > > Maybe. Honestly, I don't think so, though, given in his original post > Christian asked for a > > > > tool for analyzing or visualizing the firewall ruleset (based on the >>>> shorewall configuration or output of iptables) > > So he would be happy with something visualizing his shorewall conf. > > >> The cheap answer -- have someone run nmap against your firewall. > > That will only show a tiny window, even of a rather trivial network.
The output of 'shorewall dump' tells you everything you ever need to know about your Shorewall configuration. Of course, you have to understand IP networking, Linux Networking and Netfilter in order to interpret the output. But you don't have to know anything about Shorewall! So I think that qualifies as "independent". ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
