Shorewall is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files.


Configuration

It is not a daemon since it does not run continuously, but rather configures rules in the kernel that allow and disallow traffic through the system. Shorewall is configured through a group of plain-text configuration files and does not have a graphical user interface, though a Webmin module is available separately. A monitoring utility packaged with Shorewall can be used to watch the status of the system as it operates and to assist in testing.


Use

Shorewall is mainly used in network installations (as opposed to a personal computer firewall), since most of its strength lies in its ability to work with "zones", such as the DMZ or a 'net' zone. Each zone can then have different rules, making it easy to have, for example, relaxed rules on the company intranet while clamping down on traffic coming in from the Internet. The plain-text configuration files are usually well-commented and easy to use, though Shorewall may be more difficult for new users to handle than other firewall systems with graphical front-ends.
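
A minimal zone layout of the kind described above, as an added example that is not taken from the original page or from the Shorewall project's own samples. It assumes Shorewall 5 file syntax, and the interface names eth0, eth1 and eth2 are hypothetical.

```conf
# /etc/shorewall/zones : declare the zones
#ZONE   TYPE
fw      firewall        # the firewall host itself, referenced as $FW
net     ipv4            # the Internet
loc     ipv4            # company intranet
dmz     ipv4            # publicly reachable servers

# /etc/shorewall/interfaces : bind each zone to an interface (names assumed)
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs,routefilter
loc     eth1        tcpflags,nosmurfs,routefilter
dmz     eth2        tcpflags,nosmurfs,routefilter

# /etc/shorewall/policy : default action per zone pair, first match wins
#SOURCE DEST    POLICY  LOGLEVEL
loc     net     ACCEPT          # relaxed: intranet may reach the Internet
net     all     DROP    info    # strict: unsolicited Internet traffic is dropped and logged
all     all     REJECT  info    # catch-all, must be the last line

# /etc/shorewall/rules : explicit exceptions to the policies above
?SECTION NEW
#ACTION         SOURCE  DEST    PROTO   DPORT
ACCEPT          net     dmz     tcp     80,443   # public web servers only
SSH(ACCEPT)     loc     $FW                      # administration from the intranet only
DNS(ACCEPT)     dmz     net                      # DMZ hosts may resolve names
```

Running `shorewall check` validates files like these without changing the rules currently loaded in the kernel.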


History

Starting with version 4, Shorewall began using a Perl-based compiler frontend; previously it used a shell-based compiler frontend. Support for IPv6 firewalling has been included since version 4.2.4. On 18 February 2019, primary developer Tom Eastep announced that he was retiring from the project and that 5.2.3 would be his final release. Management of the Shorewall project was handed over to a Shorewall committee that would manage the future direction of the project. Tom Eastep, however, continued to be a major contributor to the Shorewall project as of September 2020.

