Shorewall

Shorewall (short for Shoreline Firewall, named after the place of residence of its author Thomas M. Eastep in Shoreline, Washington, United States) is a free firewall configurator that builds on netfilter, the packet-filtering framework built into the Linux kernel.

The configuration is done in text files (among other places in /etc/shorewall/). From these files Shorewall compiles, using iptables, the netfilter rules that regulate the IP traffic flowing through the kernel. Shorewall is not a daemon: it does not run continuously, but exits once the rules have been created. A Webmin plugin is available as a graphical frontend.

The iptables rules Shorewall creates operate at OSI layer 3, the network layer, even though it is also possible to control other layers.

The strength of Shorewall lies in its abstraction of the networks directly connected to the interfaces, which are referred to as "zones". The number of zones and their purpose can be defined arbitrarily. Shorewall ships configuration templates for the following three main use cases:

  • Standalone - a machine with only one network interface and only one zone, intended for protecting individual PCs or servers
  • Two interfaces - the classical gateway firewall with a hostile 'red' and a friendly 'green' network
  • Three interfaces - the classical solution with a third, separately connected network serving as a DMZ

Between the zones, policies are defined that set the default behaviour from one zone to another. These serve as a fallback for connections for which no explicit rule is defined in the rules file. Shorewall also handles the creation of NAT, traffic shaping, bridges and much more.
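As an added example (not part of the original article and not Shorewall's own code), the following Python script models the precedence the paragraph above describes: it parses a constructed two-interface policy file and rules file in the classic column layout (SOURCE DEST POLICY, and ACTION SOURCE DEST PROTO DPORT) and reports, for a new connection between two zones, whether an explicit rule or the fallback policy decides its fate. The zone names `net`, `loc` and the `$FW` placeholder for the firewall itself, as well as every sample entry, are assumptions chosen for illustration.

```python
"""Toy resolver for Shorewall-style policy and rules files.

Constructed example, not Shorewall's own code. It models the documented
precedence: explicit entries in the rules file are consulted first, and
the policy file only supplies the fallback for connections no rule covers.
"""

# Constructed two-interface configuration: 'net' (hostile, red),
# 'loc' (friendly, green) and the firewall itself, written as '$FW'.
POLICY_FILE = """\
#SOURCE  DEST   POLICY
loc      net    ACCEPT
loc      $FW    ACCEPT
net      all    DROP
all      all    REJECT
"""

RULES_FILE = """\
#ACTION  SOURCE  DEST   PROTO  DPORT
?SECTION NEW
ACCEPT   net     $FW    tcp    22
ACCEPT   net     loc    tcp    80,443
DROP     loc     net    tcp    25
"""


def _parse(text):
    """Split a column file into token lists, dropping comments and ?SECTION lines."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("?"):
            continue
        rows.append(line.split())
    return rows


def parse_policy(text):
    """Return (source, dest, policy) tuples in file order (first match wins)."""
    return [(r[0], r[1], r[2].upper()) for r in _parse(text)]


def parse_rules(text):
    """Return (action, source, dest, proto, ports) tuples in file order."""
    rules = []
    for r in _parse(text):
        action, src, dst = r[0].upper(), r[1], r[2]
        proto = r[3].lower() if len(r) > 3 else "-"
        ports = set(r[4].split(",")) if len(r) > 4 and r[4] != "-" else set()
        rules.append((action, src, dst, proto, ports))
    return rules


def _zone_match(pattern, zone):
    return pattern in ("all", zone)


def resolve(src, dst, proto, dport, rules, policies):
    """Decide a new connection src->dst (proto/dport).

    Returns (action, origin); origin is 'rule' when an explicit rule
    matched and 'policy' when the fallback policy decided.
    """
    proto = proto.lower()
    for action, rs, rd, rp, rports in rules:
        if not (_zone_match(rs, src) and _zone_match(rd, dst)):
            continue
        if rp not in ("-", proto):
            continue
        if rports and str(dport) not in rports:
            continue
        return action, "rule"
    for ps, pd, pol in policies:
        if _zone_match(ps, src) and _zone_match(pd, dst):
            return pol, "policy"
    # No policy covers this zone pair; a catch-all 'all all' entry avoids this.
    raise ValueError(f"no policy defined from zone {src} to zone {dst}")


RULES = parse_rules(RULES_FILE)
POLICIES = parse_policy(POLICY_FILE)


def decide(src, dst, proto, dport):
    """Resolve against the constructed configuration above."""
    return resolve(src, dst, proto, dport, RULES, POLICIES)


if __name__ == "__main__":
    for conn in [("loc", "net", "tcp", 80), ("loc", "net", "tcp", 25),
                 ("net", "$FW", "tcp", 22), ("net", "$FW", "tcp", 23),
                 ("net", "loc", "udp", 53), ("$FW", "net", "tcp", 80)]:
        print(conn, "->", decide(*conn))
```

Running the script shows the two halves of the mechanism side by side: `loc` to `net` on port 80 is accepted only because the `loc net ACCEPT` policy is the fallback, while the same zone pair on port 25 is dropped by an explicit rule that takes precedence over that policy.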

Shorewall is a firewall intended for professional use and cannot be compared with a personal firewall (OSI layer 7).
