stock security

Obie · 08-10-2004, 04:06 PM

I installed Mandrake 10 recently and it comes pre-installed with shorewall and iptables. Now having looked at the pre-defined rules for iptables, it has already various rules assigned to them with the common chains (INPUT, OUTPUT & FORWARD) already in place but also custom chains. Since I am relatively new to iptables, how does shorewall differ from iptables and if so do I really need it if I already have iptables?

stickman · 08-10-2004, 04:23 PM

Shorewall is basically a frontend to iptables. There are quite a few of them actually, and each tries to make iptables management a bit easier.

Obie · 08-10-2004, 04:29 PM

stickman,

If shorewall is the front-end(which I am assuming to be a web-interface), would it be best to learn iptables and configure iptables directly or should I do it via shorewall? If I manually configure iptables, is it worth having shorewall running or any other front-end.

ppuru · 08-10-2004, 10:05 PM

Well it is your call. But I believe manual configuration is better, although these front-ends may ease your typing a bit.

Obie · 08-10-2004, 10:09 PM

Thanks. I take it disabling shorewall won't in anyway decrease the level of security achieved by iptables. Please correct me if I am wrong.

stickman · 08-11-2004, 07:30 AM

Quote:

Originally posted by Obie
stickman,

If shorewall is the front-end(which I am assuming to be a web-interface), would it be best to learn iptables and configure iptables directly or should I do it via shorewall? If I manually configure iptables, is it worth having shorewall running or any other front-end.

The frontend just makes things a bit easier when you are starting out. Creating your own iptables script definitely gives you a bit more flexiblity, especially if you have unusual network requirements. You could always list the iptables rules that your frontend generates and use that as the starting point for your customizations.

Obie · 08-11-2004, 04:05 PM

Thanks stickman.