[opensuse-factory] New package shorewall
Hi,

I would like to introduce shorewall to Factory. The package has been available for quite a time now at the devel project security:netfilter.

The purpose of having shorewall in factory will enable the end user to another tool for configuring an iptables based firewall, so in that aspect it is not different for having various email clients, or web browsers, therefore will enable the user freedom of choosing a frontend for iptables.

The upstream package is in continuous development with active support including mailing-lists and IRC

Below you will find information regarding shorewall. Hope it will get into factory.

Thanks

Togan Muftuoglu

What is Shorewall?
==================
The Shoreline Firewall, more commonly known as “Shorewall”, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

License
===========
This program is free software; you can redistribute it and/or modify it under the terms of Version 2 of the GNU General Public License as published by the Free Software Foundation.

Homepage
==========
http://www.shorewall.net

Mailing lists
==============
https://lists.sourceforge.net/lists/listinfo/shorewall-users
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

IRC
=============
irc.freenode.net #shorewall

Author
========
Thomas M. Eastep

Features

* Uses Netfilter's connection tracking facilities for stateful packet filtering.
* Can be used in a wide range of router/firewall/gateway applications.
  + Completely customizable using configuration files.
  + No limit on the number of network interfaces.
  + Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones.
  + Multiple interfaces per zone and multiple zones per interface permitted.
  + Supports nested and overlapping zones.
* Supports centralized firewall administration.
  + Shorewall installed on a single administrative system. May be a Windows™ PC running Cygwin™ or an Apple Macintosh™ running OS X.
  + Centrally generated firewall scripts run on the firewalls under control of Shorewall-lite.
* QuickStart Guides (HOWTOs) to help get your first firewall up and running quickly
* A GUI is available via Webmin 1.060 and later (http://www.webmin.com)
* Extensive documentation is available in both Docbook XML and HTML formats.
* Flexible address management/routing support (and you can use all types in the same firewall):
  + Masquerading/SNAT.
  + Port Forwarding (DNAT).
  + One-to-one NAT.
  + Proxy ARP.
  + NETMAP.
  + Multiple ISP support (Multiple Internet Links from the same firewall/gateway)
* Blacklisting of individual IP addresses and subnetworks is supported.
* Operational Support.
  + Commands to start, stop and clear the firewall
  + Supports status monitoring with an audible alarm when an “interesting” packet is detected.
  + Wide variety of informational commands.
* VPN Support.
  + IPSEC, GRE, IPIP and OpenVPN Tunnels.
  + PPTP clients and Servers.
* Support for Traffic Control/Shaping.
* Wide support for different GNU/Linux Distributions.
  + RPM and Debian packages available.
  + Includes automated install, upgrade and uninstall facilities for users who can't use or choose not to use the RPM or Debian packages.
  + Included as a standard part of LEAF/Bering (router/firewall on a floppy, CD or compact flash).
* Media Access Control (MAC) Address Verification.
* Traffic Accounting.
* Bridge/Firewall support
* IPv6 Support
* Works with a wide range of Virtualization Solutions:
  + KVM
  + Xen
  + Linux-Vserver
  + OpenVZ
  + VirtualBox

Cons
============================================
* Many packages provide a configuration file that describes which ports need to be opened to run a specific service, i.e. postfix, vsftpd. But shorewall does not recognize these service files.
* SuSEfirewall2 is integrated with YaST2 enabling a GUI interface for the firewall configuration whereas shorewall lacks this interface

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org

On 06/17/2011 02:47 PM, Togan Muftuoglu wrote:
> I would like to introduce shorewall to Factory. [...]

Hi Togan

First thanks for your packaging, it saves me so much time tracking the changes in shorewall. During the last years, I can attest that each upgrade goes well. Minus one change we resolve quickly by mail.

Shorewall is really complete, and has really good documentation. I use that from the last 7 years. I can also attest of the hyper great quality of Tom Eastep.

It's definitively not for end (dumb) users. But those have not complex situations to manage too :-)

--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
openSUSE Member & Ambassador
GPG KEY : D5C9B751C4653227
irc: tigerfoot

On 18/06/2011 10:39, Bruno Friedmann wrote:
> It's definitively not for end (dumb) users. But those have not complex situations to manage too :-)

I used it on Mandriva some years ago and liked it, I find it at the moment easier to manage than SuSEfirewall2 (but ATM YaST didn't help)

jdd
--
http://www.dodin.net
http://pizzanetti.fr

On 06/18/2011 10:39 AM, Bruno Friedmann wrote:
> First thanks for your packaging, it saves me so much time tracking the changes in shorewall. During the last years, I can attest that each upgrade goes well. Minus one change we resolve quickly by mail.

Glad to hear you find the packaging useful.

Thanks
Togan