Shorewall vs straight iptables?

foxbunny · 2008-05-30 11:56:07

I've set up my gateway's fw using Shorewall. It was really simple, and I'm quite happy with it (although I haven't tested it yet).

Next thing I wanted to know is:

Does configuring the firewall using iptables directly have any advantages over Shorewall, and is the learning curve worth it? Or IOW, is there anything Shorewall cannot handle that iptables can?

pluisje · 2008-05-30 12:30:32

shorewall is indeed really simple but its just an frontend for iptables...
i think should know what your firewall is doing, learning iptables is always handy..
for example if you want to open an port for testing software or so

the advantage of iptables over shorewall is you know what your firewall works...

Redroar · 2008-05-30 15:32:10

Well, using iptables --list lets you check if shorewalls script is doing it's job. But then again, you need to know iptables to really understand the output of iptables --list.

Iptables isn't that hard if you have the right guide....the problem is that most guides have waaaaaay more information than you need, and it's hard to find the simple stuff. The ArchWiki "Simple Stateful Firewall" guide should get you going, and once you understand the logic it's not hard.

foxbunny · 2008-05-30 15:58:10

I will definitely invest time in understanding iptables. But I wanted to know if there are any benefits over Shorewall in production use (like more secure, more flexible, etc etc). I'm asking, because I'm preparing myself for VPS maintenance, and I find Shorewall super-fast for deployment.

Arch Linux

#1 2008-05-30 11:56:07

Shorewall vs straight iptables?

#2 2008-05-30 12:30:32

Re: Shorewall vs straight iptables?

#3 2008-05-30 15:32:10

Re: Shorewall vs straight iptables?

#4 2008-05-30 15:58:10

Re: Shorewall vs straight iptables?

Board footer