[Shorewall-newbies] What is the best Linux to create a firewall ?

Tom Eastep teastep at shorewall.net
Thu Feb 26 09:57:07 PST 2004

On Thursday 26 February 2004 06:00 am, Richard Atcheson wrote:

> > My question is not to know which distribution is better, just to know how
> > I must do to create my own firewall using iptables and shorewall and
> > minimal services like SSH...
> >
> > Red Hat ? Mandrake ? Suse ?
> >
> > Which package do i need to install to be able to install everything i
> > need ?
> >
> > Sorry, i'm really new to Linux...
> Hi Florent;
> I'm partial to SuSEPro and Shorewall. 

Without trying to start a distribution flame war, here is my opinion of the 
various distributions that I have tried:

a) RedHat -- I used RedHat for years but their commercial products are now 
rather expensive and the Debian team have a lot more experience (and a good 
track record) at community-based development and support than do the Fedora 

b) Mandrake -- Emphasis on using latest packages and technologies results in 
some stability problems, especially in new releases. Shorewall is the default 
firewall but if you let the Mandrake installer configure "Internet Connection 
Sharing", the resulting Shorewall configuration doesn't match any of my 
Shorewall documentation.

c) SuSE -- Solid distribution if it likes your hardware. I'm only able to run 
it on 2 of my four Linux systems (although I haven't tried installing 9.0 on 
the all of the systems). On one system, the 8.1 installer claimed that the 
mother board is crap and not supported by Linux (clearly untrue since RedHat 
runs fine on the system; it hosts http://shorewall.net as well as the mailing 
lists), and on another system SuSE 8.1 crashed repeatedly to the point where 
I couldn't get through the second phase of installation (both Mandrake and 
RedHat also run well on that system). SuSE 9.0 has been very solid on my file 
server which also served as my firewall for a couple of days while I was 
building a new Debian-based firewall.

d) Debian -- My choice if you are an experienced Linux user. While the new 
Sarge installer is a great step forward, the installation process is still 
confusing in places.

While experienced users are likely to install a minimal system for use as a 
firewall, I think that a newbie should start with the basic desktop 
installation offered by the distribution's installer and add the required 
packages (iproute a.k.a iproute2 and shorewall).

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list