2007/07/15

My First Touch on Shorewall

Last week, I performed installation and configuration of Shorewall on Fedora Core 6. I made a host-based firewall and some people called it a one-interface firewall. No difficulties encountered and the documentation gave sufficient details for me to understand.

I try to compare FC6's default installed iptable-based firewall functions with Shorewall. For stateful packet inspection of incoming packets, both are more or less the same. However, Shorewall offers additional functions of whitelists, blacklists and limiting the rates of incoming packets. There is no doubt that Shorewall is a perfect choice for people who find it difficult to learn and write some iptables scripts.

No comments: