Operating system: Linux
Software licensing: Freeware
Created: Mar 24, 2010
Download size: 0.3 MBytes
Shorewall by Shorewall is a gateway/firewall configuration tool for GNU/Linux.
The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter.
Shorewall [shorewall4.4.27.3.exe] is not a daemon.
Shorewall (0.3 MB) is not the easiest to use of the available iptables configuration tools, but I believe that it is the most flexible and powerful.

What is new in the official Shorewall software version?

1) Up to this point, Shorewall has had a lot of very similar files in multiple products. Beginning with this release, the following files are identical:

- /sbin/shorewall
- /sbin/shorewall6
- /sbin/shorewall-lite
- /sbin/shorewall6-lite

The program uses its own file name to determine which role it is to assume. It does that by initializing variables that are later used within the various libraries.

Shorewall and Shorewall6 share use of /usr/share/shorewall/lib.base, /usr/share/shorewall/lib.cli, and /usr/share/shorewall/lib.common. /usr/share/shorewall6/lib.base is a small file that sets variables and then sources /usr/share/shorewall/lib.base.

As before, shorewall and shorewall-lite share the same libraries, as do shorewall6 and shorewall6-lite.

Shorewall includes a new library: /usr/share/shorewall/lib.cli-std. /usr/share/shorewall[6]/lib.cli contains everything needed by the Lite products.

2) Shorewall now supports the CT target in the Netfilter 'raw' table. See 'man shorewall-notrack' for details. The main use of this target is described in this paper: The paper is a product of the vulnerability described in the 4.4.20 release note, which introduced the 'sfilter' facility. In the paper, rules such as the following are recommended:

    iptables -A PREROUTING -t raw -p tcp --dport 2121 -d -j CT --helper ftp

The equivalent entry in /etc/shorewall/notrack would be:

    #ACTION SOURCE DEST PROTO DEST
    #                         PORT(S)
    CT:helper:ftp - tcp 2121

As part of this change, Shorewall now verifies the helper name in the HELPER column of the tcrules and tcpri files.

3) The above-referenced paper also advocates careful control of RELATED rules. To allow such control, two new options have been introduced in shorewall[6].conf:

- RELATED_DISPOSITION
  May be ACCEPT, A_ACCEPT, A_DROP, A_REJECT, DROP or REJECT. For compatibility with earlier releases, the default is ACCEPT. match any rule in the RELATED section of the rules file.
- RELATED_LOG_LEVEL
  Specifies a level for logging related packets. The default is empty, which means that no logging occurs.

4) The options in shorewall.conf (shorewall6.conf) may now be used as shell variables in other configuration files.

5) A new option, USE_PHYSICAL_NAMES, has been added to shorewall.conf and shorewall6.conf. Normally, when the rules compiler creates a Netfilter chain that relates to an interface, the logical name of the interface is used as the base for the chain name. For example, if an interface has logical name OAKLAND and physical name eth0, then the primary chain for input arriving on that interface is normally 'OAKLAND_in'. When USE_PHYSICAL_NAMES=Yes, the name would be 'eth0_in'.

6) CLASSIFY entries in tcrules may now be placed in the FORWARD or PREROUTING chain by following the class Id with :F or :P respectively.

What is expected in the future? The newly made Shorewall 4.5 can be downloaded from the current page; we are also looking forward to an unconfirmed 4.6 release build. You may download shorewall-4.4.8.tgz directly; the estimated download time by ISDN or CDMA [~128 kbit/s] is 0:00:17. System requirements are unspecified. The program has been scanned and verified by several antivirus and anti-spyware applications, and Shorewall was found to be clean. No guide or Shorewall tutorial is available. The following languages are supported by Shorewall: English.
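
The iptables-to-notrack mapping from item 2 of the release notes, as an added example that is not Shorewall's own code: a small shell function that parses one raw-table `CT --helper` rule and prints the matching notrack entry. The function name `ct_rule_to_notrack` and the destination address 192.0.2.10 are assumptions made for illustration; only the options that appear in the rule quoted above are handled, and SOURCE is always written as `-`, as in the release note's entry.

```shell
#!/bin/sh
# Added example (not Shorewall code): turn one raw-table "CT --helper" rule
# into a notrack entry with columns ACTION SOURCE DEST PROTO DEST-PORT(S).
# 192.0.2.10 below is a constructed documentation address.

ct_rule_to_notrack() (
    dst="-" proto="-" dport="-" table="" chain="" target="" helper=""
    set -f                      # no globbing while the rule is word-split
    set -- $1
    [ "$1" = iptables ] && shift
    while [ $# -gt 0 ]; do
        [ $# -ge 2 ] || { echo "missing value for $1" >&2; exit 2; }
        case "$1" in
            -A)       chain=$2 ;;
            -t)       table=$2 ;;
            -d)       dst=$2 ;;
            -p)       proto=$2 ;;
            --dport)  dport=$2 ;;
            -j)       target=$2 ;;
            --helper) helper=$2 ;;
            *) echo "unsupported option: $1" >&2; exit 2 ;;
        esac
        shift 2
    done
    # Only helper assignments in raw/PREROUTING are translated.
    [ "$table" = raw ] && [ "$chain" = PREROUTING ] && [ "$target" = CT ] || {
        echo "not a raw-table PREROUTING CT rule" >&2; exit 1; }
    # Reject empty or odd helper names before they reach a config file.
    case "$helper" in
        ''|*[!a-z0-9-]*) echo "bad helper name: '$helper'" >&2; exit 1 ;;
    esac
    printf 'CT:helper:%s - %s %s %s\n' "$helper" "$dst" "$proto" "$dport"
)

ct_rule_to_notrack \
  "iptables -A PREROUTING -t raw -p tcp --dport 2121 -d 192.0.2.10 -j CT --helper ftp"
```

Rules that are not in the raw table, do not jump to CT, or carry no helper name are refused with a non-zero exit status instead of being written out as a partial entry.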

