For some time, I have been working half-heartedly on a document that details how Shorewall uses Netfilter. I have finally come to terms with the fact that I am changing Shorewall at a much faster rate than I am writing the paper with the result that the paper will never be finished.

To try to help people understand the structure of a Shorewall-generated ruleset, I have therefore written a brief description of how packets are processed by Netfilter in the hopes that the description will allow you to study the output of "shorewall status" if you have an interest in learning more about Netfilter and Shorewall.

The paper may be found at:

http://shorewall.net/NetfilterOverview.html

Feedback is welcome.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Tom,

It's just about time to thank you once again for a great piece of software. What makes it unique is the fact that you not only provide a good piece of software but it also comes along with very nice documentation. And still not enough, you provide the community with excellent first level support. I still remember the time before shorewall when ipchains and iptables were a PITA for me. Shorewall has made my world much better!

Thanks,
Simon

> For some time, I have been working half-heartedly on a document that
> details how Shorewall uses Netfilter. I have finally come to terms with
> the fact that I am changing Shorewall at a much faster rate than I am
> writing the paper with the result that the paper will never be finished.
>
> To try to help people understand the structure of a Shorewall-generated
> ruleset, I have therefore written a brief description of how packets are
> processed by Netfilter in the hopes that the description will allow you
> to study the output of "shorewall status" if you have an interest in
> learning more about Netfilter and Shorewall.
>
> The paper may be found at:
>
> http://shorewall.net/NetfilterOverview.html
>
> Feedback is welcome.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
Tom Eastep
2003-Oct-13 14:58 UTC
[Shorewall-announce] Re: [Shorewall-users] Short Netfilter Overview
On Mon, 2003-10-13 at 14:10, Simon Matter wrote:

> It's just about time to thank you once again for a great piece of
> software. What makes it unique is the fact that you not only provide a good
> piece of software but it also comes along with very nice documentation.
> And still not enough, you provide the community with excellent first
> level support. I still remember the time before shorewall when ipchains
> and iptables were a PITA for me. Shorewall has made my world much better!

Thanks Simon -- and once again, thank *you* for your contributions to Shorewall.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Steven Jan Springl
2003-Oct-14 12:49 UTC
[Shorewall-users] Re: [Shorewall-announce] Short Netfilter Overview
On Monday 13 October 2003 21:13, Tom Eastep wrote:

> For some time, I have been working half-heartedly on a document that
> details how Shorewall uses Netfilter. I have finally come to terms with
> the fact that I am changing Shorewall at a much faster rate than I am
> writing the paper with the result that the paper will never be finished.
>
> To try to help people understand the structure of a Shorewall-generated
> ruleset, I have therefore written a brief description of how packets are
> processed by Netfilter in the hopes that the description will allow you
> to study the output of "shorewall status" if you have an interest in
> learning more about Netfilter and Shorewall.
>
> The paper may be found at:
>
> http://shorewall.net/NetfilterOverview.html
>
> Feedback is welcome.
>
> -Tom

Tom;

I have read the document and found it useful. However the following sentence seems to suggest the chain is (Mangle) and the table is (INPUT), when previously (Mangle) was a table and (INPUT) a chain.

When a chain is enclosed in parentheses, Shorewall does not use the named chain (Mangle) in that table (INPUT).

Am I missing something?

Regards;
Steven.
Tom Eastep
2003-Oct-14 12:59 UTC
[Shorewall-users] Re: [Shorewall-announce] Short Netfilter Overview
On Tue, 2003-10-14 at 12:52, Steven Jan Springl wrote:

> I have read the document and found it useful. However the following
> sentence seems to suggest the chain is (Mangle) and the table is (INPUT),
> when previously (Mangle) was a table and (INPUT) a chain.
>
> When a chain is enclosed in parentheses, Shorewall does not use the named
> chain (Mangle) in that table (INPUT).
>
> Am I missing something?

No -- I wrote the sentence incorrectly.

Thanks!

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net