Overview
Request 53870 accepted
The Shoreline Firewall, more commonly known as “Shorewall”, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.
There has always been interest in Shorewall, and recently it was on openFATE as well: https://features.opensuse.org/310664
Here are some features of Shorewall:
Features
* Uses Netfilter's connection tracking facilities for stateful packet filtering.
* Can be used in a wide range of router/firewall/gateway applications.
  - Completely customizable using configuration files.
  - No limit on the number of network interfaces.
  - Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones.
  - Multiple interfaces per zone and multiple zones per interface permitted.
  - Supports nested and overlapping zones.
* Supports centralized firewall administration.
  - Shorewall installed on a single administrative system. May be a Windows™ PC running Cygwin™ or an Apple Macintosh™ running OS X.
  - Centrally generated firewall scripts run on the firewalls under control of Shorewall-lite.
* QuickStart Guides (HOWTOs) to help get your first firewall up and running quickly
* A GUI is available via Webmin 1.060 and later (http://www.webmin.com)
* Extensive documentation is available in both Docbook XML and HTML formats.
* Flexible address management/routing support (and you can use all types in the same firewall):
  - Masquerading/SNAT.
  - Port Forwarding (DNAT).
  - One-to-one NAT.
  - Proxy ARP.
  - NETMAP.
  - Multiple ISP support (Multiple Internet Links from the same firewall/gateway)
* Blacklisting of individual IP addresses and subnetworks is supported.
* Operational Support.
  - Commands to start, stop and clear the firewall
  - Supports status monitoring with an audible alarm when an “interesting” packet is detected.
  - Wide variety of informational commands.
* VPN Support.
  - IPSEC, GRE, IPIP and OpenVPN Tunnels.
  - PPTP clients and Servers.
* Support for Traffic Control/Shaping.
* Media Access Control (MAC) Address Verification.
* Traffic Accounting.
* Bridge/Firewall support
* IPv6 Support
* Works with a wide range of Virtualization Solutions:
  - KVM
  - Xen
  - Linux-Vserver
  - OpenVZ
  - VirtualBox
More info can be found at http://shorewall.net/
If accepted, please add me as maintainer for the package.
- Created by toganm
- In state accepted
- Package maintainers: bruno_friedmann and polslinux
Request History
toganm created request
jengelh accepted request
reviewed ok with provision