Re: Shorewall Firewall with dynamic interfaces
On Mon, 22 Sep 2008 02:24:26 +1200
Chris Bannister <mockingbird@earthlight.co.nz> wrote:
...
> I don't have shorewall-perl installed so have no knowledge on that.
> Why shorewall-perl?
The author seems to prefer it; from Shorewall-perl.html (in
shorewall-doc):
<Quote>
Shorewall-perl - What is it?
Shorewall-perl is a companion product to Shorewall.
Shorewall-perl contains a re-implementation of the Shorewall compiler
written in Perl. The advantages of using Shorewall-perl over
Shorewall-shell (the shell-based compiler included in earlier Shorewall
3.x releases) are:
*
The Shorewall-perl compiler is much faster.
*
The script generated by the compiler uses iptables-restore to
instantiate the Netfilter configuration. So it runs much faster than
the script generated by the Shorewall-shell compiler. *
The Shorewall-perl compiler does more thorough checking of the
configuration than the Shorewall-shell compiler does. *
The error messages produced by the compiler are better, more
consistent and always include the file name and line number where the
error was detected. *
Going forward, the Shorewall-perl compiler will get all
enhancements; the Shorewall-shell compiler will only get those
enhancements that are easy to retrofit.
</Quote>
He does concede some downsides; see the subsequent section of the page.
> Chris.
Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Reply to: