Shorewall

Developer(s): Thomas M. Eastep
Stable release: 5.2.8 [1] / 24 September 2020 [2]
Written in: Perl
Operating system: GNU
Available in: English
License: GPLv2+ [3]
Website: shorewall.org

Shorewall is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files. Its documentation is hosted on shorewall.org, while the latest code is hosted at https://gitlab.com/shorewall/code.


Configuration

Shorewall is not a daemon: it does not run continuously, but instead compiles its configuration into Netfilter rules that it loads into the kernel, and it is those kernel rules that allow or disallow traffic through the system. Shorewall is configured through a group of plain-text configuration files and has no graphical user interface of its own, though a Webmin module is available separately. A monitoring utility packaged with Shorewall can be used to watch the status of the firewall as it operates and to assist in testing.

Use

Shorewall is mainly used in network installations [4] (as opposed to as a personal computer firewall), since most of its strength lies in its ability to work with "zones", [4] such as a DMZ or a "net" zone. Each zone then has its own policy and rules, which makes it easy to apply, for example, relaxed rules on the company intranet while clamping down on traffic coming in from the Internet.
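To make the zone model concrete, here is an added example (not Shorewall's own code) that parses constructed, simplified versions of Shorewall's `zones`, `policy` and `rules` files and reports which action applies to a new connection between two zones, following Shorewall's order of evaluation: explicit rules first, then the first matching policy. It assumes the basic column layout only (no `?SECTION` lines, macros or port ranges).

```python
"""Simplified model of how Shorewall resolves a new connection between zones.
Added example, not Shorewall's own code: parses the whitespace-column format
of /etc/shorewall/zones, policy and rules (no ?SECTION lines, macros or
port ranges) and returns the action that applies to the flow."""
import re

# Constructed sample: deny by default from the Internet (net), relaxed policy
# from the intranet (loc), explicit exceptions into the DMZ and the firewall.
ZONES = """
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4
"""
POLICY = """
#SOURCE DEST    POLICY
loc     all     ACCEPT
fw      all     ACCEPT
net     all     DROP
all     all     REJECT
"""
RULES = """
#ACTION SOURCE  DEST    PROTO   DPORT
ACCEPT  net     dmz     tcp     443
ACCEPT  net     fw      tcp     22
DROP    loc     net     tcp     25
"""

def parse(text):
    """Split a Shorewall-style file into rows, dropping blanks and # comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(re.split(r"\s+", line))
    return rows

def verdict(src, dst, proto, dport):
    """Rules are tried in order first; otherwise the first matching policy wins."""
    zones = {row[0] for row in parse(ZONES)}
    if src not in zones or dst not in zones:
        raise ValueError(f"unknown zone in {src}->{dst}")
    for action, s, d, p, port in parse(RULES):
        if (s, d, p) == (src, dst, proto) and int(port) == dport:
            return action
    for s, d, action in parse(POLICY):
        if s in (src, "all") and d in (dst, "all"):
            return action
    return "REJECT"  # assumption: fallback when no policy line matches
```

Because `net all DROP` precedes `all all REJECT`, anything from the Internet that is not explicitly allowed by a rule is silently dropped, while traffic between other zones is rejected with an error, which is the "clamp down on the Internet, relax inside" pattern described above.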

The plain-text configuration files are usually well-commented and easy to use, though Shorewall may be more difficult for new users to handle than other firewall systems with graphical front-ends.[citation needed]

History

Starting with version 4, Shorewall began using a Perl-based compiler frontend; previously it used a shell-based compiler frontend. [5] Support for IPv6 firewalling is included since version 4.2.4. [6]

On 18 February 2019, primary developer Tom Eastep announced that he was retiring from the project and that 5.2.3 would be his final release. [7] Management of the Shorewall project was handed over to a Shorewall committee, which would manage the future direction of the project. [8] Tom Eastep nevertheless continued to be a major contributor to the Shorewall project as of September 2020.



References

  1. "Shoreline Firewall (Shorewall)". Shorewall. Retrieved 29 October 2020.
  2. "SHOREWALL 5.2.8" (TXT). Shorewall.net. Retrieved 29 October 2020.
  3. "Shorewall Notices". Shorewall. Retrieved 22 November 2014.
  4. Eastep, Thomas M. (19 September 2020). "Current Shorewall Releases". Shorewall. Retrieved 19 April 2021.
  5. "R E L E A S E 4 . 4 H I G H L I G H T S" (TXT). Shorewall. Retrieved 22 November 2014.
  6. Eastep, Tom (18 February 2019). "Shoreline Firewall (Shorewall)". Sourceforge (Shorewall). Retrieved 19 April 2021.
  7. "Shoreline Firewall (Shorewall) / [Shorewall-users] The end of the road..." sourceforge.net (Shorewall). Retrieved 18 February 2019.
  8. "Shoreline Firewall (Shorewall) / [Shorewall-announce] The Next Chapter for Shorewall". sourceforge.net (Shorewall). Retrieved 29 October 2020.