mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-15 10:51:02 +01:00
c7506d3a79
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3709 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
143 lines
8.8 KiB
HTML
143 lines
8.8 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
||
<HTML>
|
||
<HEAD>
|
||
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
|
||
<TITLE>Shoreline Firewall (Shorewall) 2.0</TITLE>
|
||
<BASE TARGET="_self">
|
||
<META NAME="GENERATOR" CONTENT="OpenOffice.org 2.0 (Linux)">
|
||
<META NAME="CREATED" CONTENT="20040920;15031500">
|
||
<META NAME="CHANGED" CONTENT="20060318;8210500">
|
||
</HEAD>
|
||
<BODY LANG="en-US" DIR="LTR">
|
||
<H1>Shoreline Firewall (Shorewall)</H1>
|
||
<P>The current Stable Version is 3.0.5 -- Get it from the
|
||
<A HREF="download.htm">download sites</A>. Here are the <A HREF="http://www.shorewall.net/pub/shorewall/3.0/shorewall-3.0.5/releasenotes.txt">release
|
||
notes</A> and here are the <A HREF="http://www.shorewall.net/pub/shorewall/3.0/shorewall-3.0.5/known_problems.txt">known
|
||
problems</A> and <A HREF="http://www.shorewall.net/pub/shorewall/3.0/shorewall-3.0.5/errata/">updates</A>.</P>
|
||
<P>The current Development Version is 3.2.0 Beta 1 – Get it from
|
||
the <A HREF="download.htm">download sites</A>. Here are the <A HREF="http://www.shorewall.net/pub/shorewall/development/3.2/shorewall-3.2.0-Beta1/releasenotes.txt">release
|
||
notes</A> and here are the <A HREF="http://www.shorewall.net/pub/shorewall/development/3.2/shorewall-3.2.0-Beta1/known_problems.txt">known
|
||
problems</A> and <A HREF="http://www.shorewall.net/pub/shorewall/development/3.2/shorewall-3.2.0-Beta1/errata/">updates</A><BR><BR>Copyright
|
||
© 2001-2006 Thomas M. Eastep</P>
|
||
<P>Permission is granted to copy, distribute and/or modify this
|
||
document under the terms of the GNU Free Documentation License,
|
||
Version 1.2 or any later version published by the Free Software
|
||
Foundation; with no Invariant Sections, with no Front-Cover, and with
|
||
no Back-Cover Texts. A copy of the license is included in the section
|
||
entitled “<A HREF="GnuCopyright.htm" TARGET="_self">GNU Free
|
||
Documentation License</A>”.</P>
|
||
<P>2006-03-18</P>
|
||
<HR>
|
||
<H3>Table of Contents</H3>
|
||
<P STYLE="margin-left: 0.42in; margin-bottom: 0in"><A HREF="#Intro">Introduction
|
||
to Shorewall</A></P>
|
||
<P STYLE="margin-left: 0.83in; margin-bottom: 0in"><A HREF="#Glossary">Glossary</A><BR><A HREF="#WhatIs">What
|
||
is Shorewall?</A><BR><A HREF="#GettingStarted">Getting Started with
|
||
Shorewall</A><BR><A HREF="#Info">Looking for Information?</A><BR><A HREF="#License">License</A></P>
|
||
<P STYLE="margin-left: 0.42in"><BR><A HREF="#Leaf">Leaf</A><BR><A HREF="#OpenWRT">OpenWRT</A><BR><A HREF="#Proxmox">Proxmox
|
||
Firewall</A><BR><A HREF="#Donations">Donations</A></P>
|
||
<H2><A NAME="Intro"></A>Introduction to Shorewall</H2>
|
||
<H3><A NAME="Glossary"></A>Glossary</H3>
|
||
<UL>
|
||
<LI><P STYLE="margin-bottom: 0in"><A HREF="http://www.netfilter.org/" TARGET="_top">Netfilter</A>
|
||
- the packet filter facility built into the 2.4 and later Linux
|
||
kernels.</P>
|
||
<LI><P STYLE="margin-bottom: 0in">ipchains - the packet filter
|
||
facility built into the 2.2 Linux kernels. Also the name of the
|
||
utility program used to configure and control that facility.
|
||
Netfilter can be used in ipchains compatibility mode.</P>
|
||
<LI><P>iptables - the utility program used to configure and control
|
||
Netfilter. The term 'iptables' is often used to refer to the
|
||
combination of iptables+Netfilter (with Netfilter not in ipchains
|
||
compatibility mode).</P>
|
||
</UL>
|
||
<H3><A NAME="WhatIs"></A>What is Shorewall?</H3>
|
||
<P STYLE="margin-left: 0.42in">The Shoreline Firewall, more commonly
|
||
known as "Shorewall", is a high-level tool for configuring
|
||
Netfilter. You describe your firewall/gateway requirements using
|
||
entries in a set of configuration files. Shorewall reads those
|
||
configuration files and with the help of the iptables utility,
|
||
Shorewall configures Netfilter to match your requirements. Shorewall
|
||
can be used on a dedicated firewall system, a multi-function
|
||
gateway/router/server or on a standalone GNU/Linux system. Shorewall
|
||
does not use Netfilter's ipchains compatibility mode and can thus
|
||
take advantage of Netfilter's connection state tracking
|
||
capabilities.<BR><BR>Shorewall is <U>not</U> a daemon. Once Shorewall
|
||
has configured Netfilter, it's job is complete. After that, there is
|
||
no Shorewall code running although the <A HREF="starting_and_stopping_shorewall.htm">/sbin/shorewall
|
||
program can be used at any time to monitor the Netfilter firewall</A>.</P>
|
||
<P STYLE="margin-left: 0.42in">Shorewall is not the easiest to use of
|
||
the available iptables configuration tools but I believe that it is
|
||
the most flexible and powerful. So if you are looking for a simple
|
||
point-and-click set-and-forget Linux firewall solution that requires
|
||
a minimum of networking knowledge, I would encourage you to check out
|
||
the following alternatives:</P>
|
||
<UL>
|
||
<LI><P STYLE="margin-bottom: 0in"><A HREF="http://www.m0n0.ch/wall">m0n0wall</A>
|
||
(FreeBSD Based)
|
||
</P>
|
||
<LI><P><A HREF="http://www.fs-security.com/">Firestarter</A></P>
|
||
</UL>
|
||
<P STYLE="margin-left: 0.42in">On the other hand, if you are looking
|
||
for a Linux firewall solution that can handle complex and fast
|
||
changing network environments then Shorewall is a logical choice.</P>
|
||
<P STYLE="margin-left: 0.42in">To see some of the many things that
|
||
you can do with Shorewall, see the <A HREF="shorewall_features.htm">Shorewall
|
||
Features page</A>.</P>
|
||
<H3><A NAME="GettingStarted"></A>Getting Started with Shorewall</H3>
|
||
<P STYLE="margin-left: 0.42in">New to Shorewall? Download the current
|
||
Stable version (see above) then select the <A HREF="shorewall_quickstart_guide.htm">QuickStart
|
||
Guide</A> that most closely matches your environment and follow the
|
||
step by step instructions.</P>
|
||
<H3><A NAME="Info"></A>Looking for Information?</H3>
|
||
<P STYLE="margin-left: 0.42in">The <A HREF="Documentation.html">Documentation
|
||
Index</A> is a good place to start as is the Site Search in the frame
|
||
above.</P>
|
||
<H3><A NAME="License"></A>License</H3>
|
||
<P STYLE="margin-left: 0.42in">This program is free software; you can
|
||
redistribute it and/or modify it under the terms of <A HREF="http://www.gnu.org/licenses/gpl.html">Version
|
||
2 of the GNU General Public License</A> as published by the Free
|
||
Software Foundation.</P>
|
||
<P STYLE="margin-left: 0.42in">This program is distributed in the
|
||
hope that it will be useful, but WITHOUT ANY WARRANTY; without even
|
||
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||
PURPOSE. See the GNU General Public License for more detail.</P>
|
||
<P STYLE="margin-left: 0.42in">You should have received a copy of the
|
||
GNU General Public License along with this program; if not, write to
|
||
the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA
|
||
02139, USA</P>
|
||
<P STYLE="margin-left: 0.42in">Permission is granted to copy,
|
||
distribute and/or modify this document under the terms of the GNU
|
||
Free Documentation License, Version 1.2 or any later version
|
||
published by the Free Software Foundation; with no Invariant
|
||
Sections, with no Front-Cover, and with no Back-Cover Texts. A copy
|
||
of the license is included in the section entitled "GNU Free
|
||
Documentation License".</P>
|
||
<HR>
|
||
<H2><A NAME="Leaf"></A>Leaf</H2>
|
||
<P><FONT COLOR="#000080"><A HREF="http://leaf.sourceforge.net/" TARGET="_top"><FONT COLOR="#000080"><IMG SRC="images/leaflogo.gif" NAME="Graphic1" ALT="(Leaf Logo)" ALIGN=BOTTOM WIDTH=52 HEIGHT=39 BORDER=1></FONT></A></FONT>
|
||
LEAF is an open source project which provides a Firewall/router on a
|
||
floppy, CD or CF. Several LEAF distributions including Bering and
|
||
Bering-uClibc use Shorewall as their Netfilter configuration tool.</P>
|
||
<HR>
|
||
<H2><A NAME="OpenWRT"></A>OpenWRT</H2>
|
||
<P STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><A HREF="http://openwrt.org/"><FONT COLOR="#000080"><IMG SRC="images/openwrt.png" NAME="graphics1" ALT="(OpenWRT Logo)" ALIGN=BOTTOM HSPACE=4 WIDTH=91 HEIGHT=34 BORDER=1></FONT></A></FONT>OpenWRT
|
||
is a project which provides open source firmware for Linksys WRT54G
|
||
wireless routers. Two different Shorewall packages are available for
|
||
OpenWRT.</P>
|
||
<HR>
|
||
<H2><A NAME="Proxmox"></A>Proxmox Firewall</H2>
|
||
<P><FONT COLOR="#000000"><A HREF="http://www.proxmox.com/"><FONT COLOR="#000080"><IMG SRC="images/Proxmox.png" NAME="graphics2" ALT="Proxmox Logo" ALIGN=MIDDLE HSPACE=4 WIDTH=144 HEIGHT=20 BORDER=1></FONT></A></FONT>Proxmox
|
||
firewall is based on Shorewall and Debian Sarge. It has an automated
|
||
installer and a GUI.</P>
|
||
<HR>
|
||
<H2><A NAME="Donations"></A>Donations</H2>
|
||
<P><A HREF="http://www.alz.org/" TARGET="_top"><FONT COLOR="#000080"><IMG SRC="images/alz_logo2.gif" NAME="Graphic2" ALT="(Alzheimer's Association Logo)" ALIGN=RIGHT WIDTH=306 HEIGHT=66 BORDER=1></FONT></A><A HREF="http://www.starlight.org/" TARGET="_top"><FONT COLOR="#000080"><IMG SRC="images/newlog.gif" NAME="Graphic3" ALT="(Starlight Foundation Logo)" ALIGN=RIGHT WIDTH=65 HEIGHT=108 BORDER=1></FONT></A>Shorewall
|
||
is free but if you try it and find it useful, please consider making
|
||
a donation to the <A HREF="http://www.alz.org/" TARGET="_top">Alzheimer's
|
||
Association</A> or to the <A HREF="http://www.starlight.org/" TARGET="_top">Starlight
|
||
Children's Foundation</A>. <BR><BR>Thank You</P>
|
||
<P ALIGN=LEFT><BR><BR>
|
||
</P>
|
||
</BODY>
|
||
</HTML> |