Tom Eastep 2001-2006 Thomas M Eastep Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. This article applies to Shorewall 3.0 and later. If you are running a version of Shorewall earlier than Shorewall 3.0.0 then please see the documentation for that release.

A Linux kernel that supports netfilter (No, it won't work on BSD or Solaris). I've tested with 2.4.2 - 2.6.16. Check here for kernel configuration information. iptables 1.2 or later (but I recommend at least version 1.3.3) Iproute (ip and "tc" utilities). The iproute package is included with most distributions but may not be installed by default. The official download site is http://developer.osdl.org/dev/iproute2/download/. A Bourne shell or derivative such as bash or ash. This shell must have correct support for variable expansion formats ${variable%pattern}, ${variable%%pattern}, ${variable#pattern} and ${variable##pattern}. Your shell must produce a sensible result when a number n (128 <= n <= 255) is left shifted by 24 bits. You can check this at a shell prompt by: echo $((128 << 24)) The result must be either 2147483648 or -2147483648. The firewall monitoring display is greatly improved if you have awk (gawk) installed.

Shorewall-perl is a re-implementation of the Shorewall configuration compiler written in Perl. It is much faster than the classic Shorewall-shell compiler and produces a firewall script that runs much faster. It's prerequisites are described in the Shorewall-perl article.