Hi Folks,

Just subscribed as I am confused about shorewall...

Here's my story (in a nutshell):

I've inherited a shorewall configuration on a few systems. However, documentation is not available and I don't know shorewall at all. So, at first I started digging in the man pages, configuration files, the shorewall website and searched the net with Google, and I thought I got a feeling of how the application works.

However, there are some questions which I cannot get answered (or I am asking the wrong kind of questions, that's possible also).

Anyway, for now I would like to know:

- How does shorewall stand against iptables? Does it need iptables or do both programs co-exist nicely?
- How are chains defined in shorewall? I get a lot of output when I do a 'shorewall show', but I cannot figure out where the chains come from. Or are they the result of shorewall combining the config from the policy config file?

That's it for starters. Hope you guys can help me out or point me in the right direction.

cheers,
Andy

> - How does shorewall stand against iptables? Does it need iptables or do
> both programs co-exist nicely?

I'm sure others can answer this question better than me but, crudely put, shorewall is a tool for configuring iptable rules.

You need iptables installed. When you run shorewall it builds the rules and then retires.

Hi David,

Thanks for the answer. When I run iptables -L, I don't see any rules. Shouldn't the rules generated by shorewall be visible in iptables?

cheers,
Andy

2012/2/8 David Watkins <watkinshome@gmail.com>

> > - How does shorewall stand against iptables? Does it need iptables or do
> > both programs co-exist nicely?
>
> I'm sure others can answer this question better than me but, crudely
> put, shorewall is a tool for configuring iptable rules.
>
> You need iptables installed. When you run shorewall it builds the
> rules and then retires.

On 8 February 2012 12:03, Andy Kannberg <andy.kannberg@gmail.com> wrote:

> Hi David,
>
> Thanks for the answer. When I run iptables -L, I don't see any rules.
> Shouldn't the rules generated by shorewall be visible in iptables?

I'd say so, yes. I certainly can.

Are you saying iptables -L returns nothing, or that you can't see any of the rules defined in the shorewall/rules file?

2012/2/8 David Watkins <watkinshome@gmail.com>

> On 8 February 2012 12:03, Andy Kannberg <andy.kannberg@gmail.com> wrote:
> > Hi David,
> >
> > Thanks for the answer. When I run iptables -L, I don't see any rules.
> > Shouldn't the rules generated by shorewall be visible in iptables?
>
> I'd say so, yes. I certainly can.
>
> Are you saying iptables -L returns nothing, or that you can't see any
> of the rules defined in the shorewall/rules file?

David, please ignore that last question... iptables -L does give the same output as 'shorewall show' does.

Robert K Coffman Jr. -Info From Data Corp.
2012-Feb-08 15:46 UTC
Re: shorewall noob question
Andy,

Some things that may be helpful.

1. In rules, first match (from top of file) for any given connection wins.
2. If no rules match, then the policies take effect. Same deal - first match.
3. Shorewall.net has excellent documentation on all Shorewall can do.

For a basic firewall you will barely use any of Shorewall's features, and it isn't hard to get a basic firewall configured - see examples on the website. If you need more, read the documentation, ask here, or on IRC in #shorewall (freenode.net). If you ask a question on IRC it may be a while before you get a response...

- Bob Coffman
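
A small model of the evaluation order Bob describes above, added here as an illustration and not part of the thread or Shorewall's own code: the rules entries are scanned top to bottom, and only if none matches are the policy entries scanned the same way. The sample rules and policy content, the zone names and the addresses are constructed, and the matcher is a simplification that handles only `zone`, `zone:address`, protocol and destination port.

```python
# Constructed sample files (not from the thread); the columns follow the
# layout of /etc/shorewall/rules and /etc/shorewall/policy.
RULES = """\
#ACTION  SOURCE           DEST  PROTO  DPORT
DROP     net:203.0.113.7  $FW   tcp    22
ACCEPT   net              $FW   tcp    22
ACCEPT   loc              $FW   tcp    22,80
"""
POLICY = """\
#SOURCE  DEST  POLICY
loc      net   ACCEPT
net      all   DROP
all      all   REJECT
"""

def parse(text):
    """Split a Shorewall-style file into column lists, skipping comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def zone_matches(spec, zone, addr=None):
    """Match 'all', a zone name, or zone:address against one endpoint."""
    name, _, host = spec.partition(":")
    if name not in ("all", zone):
        return False
    return not host or host == addr

def decide(src_zone, src_addr, dst_zone, proto, dport):
    """Return (verdict, origin) for a new connection: rules first, then policy."""
    for n, (action, src, dst, rproto, ports) in enumerate(parse(RULES), 1):
        if (zone_matches(src, src_zone, src_addr) and zone_matches(dst, dst_zone)
                and rproto == proto and str(dport) in ports.split(",")):
            return action, f"rules entry {n}"   # first matching rule wins
    for n, (src, dst, verdict) in enumerate(parse(POLICY), 1):
        if zone_matches(src, src_zone) and zone_matches(dst, dst_zone):
            return verdict, f"policy entry {n}"  # first matching policy wins
    raise LookupError("no policy covers this zone pair (model simplification)")

if __name__ == "__main__":
    # "$FW" is used literally as the firewall zone's name in this model.
    print(decide("net", "203.0.113.7", "$FW", "tcp", 22))
    print(decide("net", "198.51.100.9", "$FW", "tcp", 80))
```

Swapping the first two rules entries makes the `DROP` for 203.0.113.7 unreachable, which is the practical consequence of first-match ordering when auditing an inherited configuration.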