
Re: Shorewall Firewall with dynamic interfaces



On Mon, 22 Sep 2008 02:24:26 +1200
Chris Bannister <mockingbird@earthlight.co.nz> wrote:

...

> I don't have shorewall-perl installed so have no knowledge on that.
> Why shorewall-perl?

The author seems to prefer it; from Shorewall-perl.html (in
shorewall-doc):

<Quote>

Shorewall-perl - What is it?

Shorewall-perl is a companion product to Shorewall.

Shorewall-perl contains a re-implementation of the Shorewall compiler
written in Perl. The advantages of using Shorewall-perl over
Shorewall-shell (the shell-based compiler included in earlier Shorewall
3.x releases) are:

    * The Shorewall-perl compiler is much faster.

    * The script generated by the compiler uses iptables-restore to
      instantiate the Netfilter configuration. So it runs much faster
      than the script generated by the Shorewall-shell compiler.

    * The Shorewall-perl compiler does more thorough checking of the
      configuration than the Shorewall-shell compiler does.

    * The error messages produced by the compiler are better, more
      consistent and always include the file name and line number
      where the error was detected.

    * Going forward, the Shorewall-perl compiler will get all
      enhancements; the Shorewall-shell compiler will only get those
      enhancements that are easy to retrofit.

</Quote>

He does concede some downsides; see the subsequent section of the page.

> Chris.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

