Andy Kannberg | 8 Feb 12:07

shorewall noob question

Hi Folks,


Just subscribed as I am confused about shorewall...
Here's my story (in a nutshell)
I've inherited a shorewall configuration on a few systems. However, documentation is not available and I don't know shorewall at all.
So, at first I started digging in the man pages, configuration files, the shorewall website and searched the net with Google and I thought I got
a feeling of how the application works.
However, there are some questions which I cannot get answered (or I am asking the wrong kind of questions, that's possible also).
Anyway, for now I would like to know :

- How does shorewall stand against iptables ? Does it need iptables or do both programs co-exist nicely ?
- How are chains defined in shorewall ? I get a lot of output when I do a 'shorewall show', but I cannot figure out where the chains come from. Or are they the result of shorewall combining the config from the policy config file ?

That's it for starters. Hope you guys can help me out or point me in the right direction.

cheers,
Andy


David Watkins | 8 Feb 12:42

Re: shorewall noob question

> - How does shorewall stand against iptables ? Does it need iptables or do
> both programs co-exist nicely ?

I'm sure others can answer this question better than me but, crudely
put, shorewall is a tool for configuring iptables rules.

You need iptables installed.  When you run shorewall it builds the
rules and then retires.

Andy Kannberg | 8 Feb 13:03

Re: shorewall noob question

Hi David,


Thanks for the answer. When I run iptables -L, I don't see any rules. Shouldn't the rules generated by shorewall be visible in iptables ?

cheers,
Andy

2012/2/8 David Watkins <watkinshome <at> gmail.com>
> - How does shorewall stand against iptables ? Does it need iptables or do
> both programs co-exist nicely ?

I'm sure others can answer this question better than me but, crudely
put, shorewall is a tool for configuring iptables rules.

You need iptables installed.  When you run shorewall it builds the
rules and then retires.

_______________________________________________
Shorewall-users mailing list
Shorewall-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

David Watkins | 8 Feb 13:17

Re: shorewall noob question

On 8 February 2012 12:03, Andy Kannberg <andy.kannberg <at> gmail.com> wrote:
> Hi David,
>
> Thanks for the answer. When I run iptables -L, I don't see any rules.
> Shouldn't the rules generated by shorewall be visible in iptables ?

I'd say so, yes.  I certainly can.

Are you saying iptables -L returns nothing, or that you can't see any
of the rules defined in the shorewall/rules file?

Andy Kannberg | 8 Feb 13:32

Re: shorewall noob question



2012/2/8 David Watkins <watkinshome <at> gmail.com>
On 8 February 2012 12:03, Andy Kannberg <andy.kannberg <at> gmail.com> wrote:
> Hi David,
>
> Thanks for the answer. When I run iptables -L, I don't see any rules.
> Shouldn't the rules generated by shorewall be visible in iptables ?

I'd say so, yes.  I certainly can.

Are you saying iptables -L returns nothing, or that you can't see any
of the rules defined in the shorewall/rules file?


David, 

please ignore that last question.....iptables -L does give the same output as 'shorewall show' does 

 

Re: shorewall noob question


Andy,

Some things that may be helpful.

1.  In rules, first match (from top of file) for any given connection 
wins.
2.  If no rules match, then the policies take effect.  Same deal - first 
match.
3.  Shorewall.net has excellent documentation on all Shorewall can do. 
For a basic firewall you will barely use any of Shorewall's features, 
and it isn't hard to get a basic firewall configured - see examples on 
the website.  If you need more, read the documentation, ask here, or on 
IRC in #shorewall (freenode.net).  If you ask a question on IRC it may 
be a while before you get a response...

- Bob Coffman
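
Added example, not part of any message in this thread: a simplified Python model of the evaluation order in points 1 and 2 above (rules first, then policies, first match wins in each). The zone names, rules and policies are constructed sample data, and matching is reduced to zone, protocol and destination port; real Shorewall files have more columns and options.

```python
# Simplified model of Shorewall's decision order for a new connection:
# rules are checked top to bottom (first match wins); if none match,
# policies are checked top to bottom (first match wins).
# All rules, policies and zone names below are constructed sample data.

RULES = """\
#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT   loc     $FW   tcp    22
DROP     net     $FW   tcp    22
ACCEPT   net     $FW   tcp    22,80,443
"""

POLICY = """\
#SOURCE  DEST  POLICY
loc      net   ACCEPT
net      all   DROP
all      all   REJECT
"""

def parse(text):
    """Split a column-based config into rows, skipping comments and blanks."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def zone_match(pattern, zone):
    """'all' is treated as a wildcard; anything else must match exactly."""
    return pattern in ("all", zone)

def decide(src, dst, proto, dport, rules=RULES, policy=POLICY):
    """Return (verdict, origin) for a new connection from zone src to zone dst."""
    for n, (action, r_src, r_dst, r_proto, r_ports) in enumerate(parse(rules), 1):
        if (zone_match(r_src, src) and zone_match(r_dst, dst)
                and r_proto == proto and str(dport) in r_ports.split(",")):
            return action, f"rule {n}"
    for n, (p_src, p_dst, verdict) in enumerate(parse(policy), 1):
        if zone_match(p_src, src) and zone_match(p_dst, dst):
            return verdict, f"policy {n}"
    # Fallback chosen for this model only; sample policy ends with all/all.
    return "REJECT", "no policy"
```

Calling `decide("net", "$FW", "tcp", 22)` returns the DROP from rule 2, so the port 22 entry in rule 3 never takes effect; looking for such shadowed entries is a useful first pass over an inherited rules file.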


Gmane