Hi,

I would like to introduce shorewall to Factory. The package has been available for quite some time now at the devel project security:netfilter.

Having shorewall in Factory will give the end user another tool for configuring an iptables-based firewall, so in that respect it is no different from having various email clients or web browsers, and will therefore give the user the freedom of choosing a frontend for iptables.

The upstream package is in continuous development with active support, including mailing lists and IRC.

Below you will find information regarding shorewall. Hope it will get into Factory.

Thanks
Togan Muftuoglu

What is Shorewall?
==================

The Shoreline Firewall, more commonly known as “Shorewall”, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables, iptables-restore, ip and tc utilities, configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

License
===========

This program is free software; you can redistribute it and/or modify it under the terms of Version 2 of the GNU General Public License as published by the Free Software Foundation.

Homepage
==========

http://www.shorewall.net

Mailing lists
==============

https://lists.sourceforge.net/lists/listinfo/shorewall-users
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

IRC
=============

irc.freenode.net #shorewall

Author
========

Thomas M. Eastep

Features

* Uses Netfilter's connection tracking facilities for stateful packet filtering.
* Can be used in a wide range of router/firewall/gateway applications.
  + Completely customizable using configuration files.
  + No limit on the number of network interfaces.
  + Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones.
  + Multiple interfaces per zone and multiple zones per interface permitted.
  + Supports nested and overlapping zones.
* Supports centralized firewall administration.
  + Shorewall installed on a single administrative system. May be a Windows™ PC running Cygwin™ or an Apple Macintosh™ running OS X.
  + Centrally generated firewall scripts run on the firewalls under control of Shorewall-lite.
* QuickStart Guides (HOWTOs) to help get your first firewall up and running quickly.
* A GUI is available via Webmin 1.060 and later (http://www.webmin.com).
* Extensive documentation is available in both Docbook XML and HTML formats.
* Flexible address management/routing support (and you can use all types in the same firewall):
  + Masquerading/SNAT.
  + Port Forwarding (DNAT).
  + One-to-one NAT.
  + Proxy ARP.
  + NETMAP.
  + Multiple ISP support (Multiple Internet Links from the same firewall/gateway).
* Blacklisting of individual IP addresses and subnetworks is supported.
* Operational Support.
  + Commands to start, stop and clear the firewall.
  + Supports status monitoring with an audible alarm when an “interesting” packet is detected.
  + Wide variety of informational commands.
* VPN Support.
  + IPSEC, GRE, IPIP and OpenVPN Tunnels.
  + PPTP clients and Servers.
* Support for Traffic Control/Shaping.
* Wide support for different GNU/Linux Distributions.
  + RPM and Debian packages available.
  + Includes automated install, upgrade and uninstall facilities for users who can't use or choose not to use the RPM or Debian packages.
  + Included as a standard part of LEAF/Bering (router/firewall on a floppy, CD or compact flash).
* Media Access Control (MAC) Address Verification.
* Traffic Accounting.
* Bridge/Firewall support
* IPv6 Support
* Works with a wide range of Virtualization Solutions:
  + KVM
  + Xen
  + Linux-Vserver
  + OpenVZ
  + VirtualBox

Cons
============================================

* Many packages provide a configuration file that describes which ports need to be opened to run a specific service, i.e. postfix, vsftpd. But shorewall does not recognize these service files.
* SuSEfirewall2 is integrated with YaST2, enabling a GUI interface for the firewall configuration, whereas shorewall lacks this interface.