[clug] iptables wrappers and Shorewall (was Re: Issue where gufw losing settings on reboot)

Tony Lewis tony at lewistribe.com
Thu Dec 21 04:34:18 UTC 2017

On 21/12/17 15:05, Bob Edwards via linux wrote:
> On 20/12/17 20:53, George at Clug via linux wrote:
> ...
>> Well I expect some readers are thinking, just use iptables instead of
>> gufw (am I correct?).
> OK, I'll bite - yep - I'd just go with iptables and ignore wrappers etc.

I'll chime in and say I really like Shorewall.  It models one layer 
above iptables, so you think in terms of zones (net, lan, dmz), 
interfaces (eth0 is attached to dmz), policy (deny net to dmz) and rules 
(allow net to dmz: on ports 80 and 443).


Every time I've tried to replace it with something higher up the stack 
(simpler) or lower, I keep returning to it.
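
An added illustration, not part of Tony's message: the zone, interface, policy and rule model described above, written as the four Shorewall configuration files it maps to. Only eth0 as the dmz interface and the net-to-dmz policy and rule come from the message; the eth1/eth2 assignments, the log level and the catch-all policy are assumptions.

```conf
# Constructed example. One section per file under /etc/shorewall/.

# ---- /etc/shorewall/zones ----
# fw is the firewall host itself; the other three are the zones named above.
#ZONE   TYPE
fw      firewall
net     ipv4
lan     ipv4
dmz     ipv4

# ---- /etc/shorewall/interfaces ----
# eth0 -> dmz is from the message; eth1 and eth2 are assumed for illustration.
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth1
dmz     eth0
lan     eth2

# ---- /etc/shorewall/policy ----
# Default action for new connections that match no entry in the rules file.
# "deny net to dmz" is written here as DROP; the final line is an assumed
# catch-all so that every zone pair has a defined default.
#SOURCE DEST    POLICY  LOGLEVEL
net     dmz     DROP    info
all     all     REJECT  info

# ---- /etc/shorewall/rules ----
# Exceptions to the policy: rules are evaluated first, policy applies after.
?SECTION NEW
#ACTION SOURCE  DEST    PROTO   DPORT
ACCEPT  net     dmz     tcp     80,443
```

Running `shorewall check` validates the files before they are compiled into iptables rules.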


