On 1/15/26 12:08, Hosney Osman wrote:
> Dear Erich,
> iptables is easy to understand.
> Shorewall, I finally performed a successful installation,
> but for example in iptables the first thing I actually do is
> drop inbound, outbound and forwarding traffic,
> then I open by request what is needed, one by one.
> Did you get my point?
> I need to understand Shorewall also, but I can't find an easy guide to make
> it a starting point.

Honestly, if you already understand iptables well, why do you want
Shorewall in the first place?

I run shorewall because after years of running a lightweight OpenBSD box
as a firewall using pf, I found shorewall's syntax as clear, easy and
human-readable as pf's. It took me less than a day to learn enough
about shorewall to get a new firewall up and running. By contrast I
find iptables/ipchains/netfilter to be horribly arcane, user-hostile and
incomprehensible. It's a grammar seemingly never designed with any
thought for anything *but* the kernel being able to read it without
great effort.

If netfilter is the machine language of Linux firewalling, then
Shorewall is a high-level language compiler. It takes rules written in
a human-readable grammar and compiles them into netfilter's machine
language (iptables/ipchains).

If you understand iptables but somehow find yourself unable to grasp
Shorewall's documentation, then honestly, the best suggestion I can
offer is to go and read the O'Reilly book Practical Linux Security,
which is written around using Shorewall:
https://www.oreilly.com/library/view/practical-linux-security/9781789138399/b15f14b7-b3d0-48ef-881f-e407af69186a.xhtml

--
Phil Stracchino
Fenian House Publishing
[email protected]
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
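
The drop-everything-then-open-by-request approach from the quoted message, written as Shorewall configuration files. This is an added example, not part of the original message or of the Shorewall project's samples; the single zone `net`, the interface name `eth0` and the services opened are assumptions.

```conf
# /etc/shorewall/zones  (zone names are assumptions for this example)
#ZONE   TYPE
fw      firewall
net     ipv4

# /etc/shorewall/interfaces  (eth0 is an assumed interface name)
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs

# /etc/shorewall/policy
# Same intent as: iptables -P INPUT DROP; -P OUTPUT DROP; -P FORWARD DROP
#SOURCE DEST    POLICY  LOGLEVEL
all     all     DROP    info

# /etc/shorewall/rules  (open only what is requested, one line per service)
?SECTION NEW
#ACTION         SOURCE  DEST    PROTO   DPORT
SSH(ACCEPT)     net     $FW
ACCEPT          net     $FW     tcp     443
DNS(ACCEPT)     $FW     net
ACCEPT          $FW     net     tcp     80,443
```

Running `shorewall check` compiles these files and reports errors without touching the running ruleset, and `shorewall safe-restart` applies them but reverts unless the change is confirmed, which guards against locking yourself out of a remote host.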