HOME

TheInfoList



Click Here for Items Related To - Shorewall
OR:
Shorewall on:   [Wikipedia]   [Google]   [Amazon]

Shorewall is an
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spre ...
tool for
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
that builds upon the
Netfilter Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network addre ...
(
iptables iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which ...
/
ipchains Linux IP Firewalling Chains, normally called ipchains, is free software to control the packet filter or firewall capabilities in the 2.2 series of Linux kernels. It superseded ipfirewall (managed by ipfwadm command), but was replaced by iptables ...
) system built into the
Linux kernel The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files.


Configuration

It is not a
daemon Daimon or Daemon (Ancient Greek: , "god", "godlike", "power", "fate") originally referred to a lesser deity or guiding spirit such as the daimons of ancient Greek religion and mythology and of later Hellenistic religion and philosophy. The word ...
since it does not run continuously, but rather configures rules in the kernel that allow and disallow traffic through the system. Shorewall is configured through a group of plain-text configuration files and does not have a
graphical user interface The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...
, though a
Webmin Webmin is a powerful and flexible web-based server management control panel for Unix-like systems. Webmin allows the user to configure operating system internals, such as users, disk quotas, services or configuration files, as well as modify an ...
module is available separately. A monitoring utility packaged with Shorewall can be used to watch the status of the system as it operates and to assist in testing.


Use

Shorewall is mainly used in network installations (as opposed to a personal computer firewall), since most of its strength lies in its ability to work with "zones", such as the
DMZ A demilitarized zone (DMZ or DZ) is an area in which treaties or agreements between nations, military powers or contending groups forbid military installations, activities, or personnel. A DZ often lies along an established frontier or bounda ...
or a 'net' zone. Each zone would then have different rules, making it easy to have for example relaxed rules on the company
intranet An intranet is a computer network for sharing information, easier communication, collaboration tools, operational systems, and other computing services within an organization, usually to the exclusion of access by outsiders. The term is used in c ...
, yet clamp down on traffic coming in from the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
. The plain-text configuration files are usually well-commented and easy to use, though Shorewall may be more difficult for new users to handle than other firewall systems with graphical front-ends.


History

Starting with version 4, Shorewall began using a
Perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it also referred to its redesigned "sister language", Perl 6, before the latter's name was offici ...
-based compiler frontend; previously it used a shell-based compiler frontend. Support for
IPv6 Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...
firewalling is included since version 4.2.4. On 18 February 2019, primary developer Tom Eastep announced that he is retiring from the project, and 5.2.3 would be his final release. Management of the Shorewall project was handed over to a Shorewall committee who would manage the future direction of the Shorewall project. Tom Eastep however continues to be a major contributor to the Shorewall project as of September 2020.


See also


References


External links

* {{Firewall software Firewall software