Re: Firestarter VS Shorewall

[hendrik@topoi.pooq.com]

On Thu, Mar 01, 2007 at 09:25:33PM +0100, Joe Hart wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Juergen Fiedler wrote:
> > On Thu, Mar 01, 2007 at 08:41:10AM -0800, Jordi wrote:
> >> Hello
> >>
> >> I saw two good firewalls:
> >> - Firestarter wich is easy
> >> - Shorewall wich seems versatile
> >>
> >> Wich is best for a single server pc? Does the complexity of shorewall
> >> worth the effort or is firestarter as good as shorewall?
> > 
> > The fact that Firestarter has a GUI tipped the scales for me - towards
> > Shorewall. While it may be nice to do the initial setup in a GUI,
> > being able to make modifications from anywhere over SSH has proven
> > valuable enough to justify the initial learning curve. And once you
> > 'got it', Shorewall isn't actually that hard to work with.
> > 
> > Just my 2 cents
> >  --j
> 
> Firestarter and Shorewall are both just front-ends to iptables, but
> firestarter is simple (and has far less features than shorewall).
> 
> Shorewall does appear complicated, but in fact, the examples only need
> minor editing for use.
> 
> You could just use iptables directly, but _that_ is complicated.

I've never had any problem using iptables directly -- except when I 
upgraded from woody to sarge -- suddenly there was a firewall of sorts 
introduced by default and I couln't get anything to work until I tracked 
it down in /etc and removed it.

-- hendrik