[Shorewall-users] Shorewall 1.3 Beta 1
Fri, 17 May 2002 18:40:11 -0700 (Pacific Daylight Time)
On Fri, 17 May 2002, Steve Herber wrote:
> I started using a Cisco Pix firewall about three years ago and the
> main problem I had was understanding some of the syntax for the port
> forwarding rules. What I really liked about shorewall was how simple
> the configuration files were for the simple cases. But I have always
> had a problem with the rules file because of the multiple possibilities.
> Not that the possibilities are bad, but because the syntax, just like the
> Pix syntax, doesn't fit the way I look at network connections. I agree
> with John that lots happens in the file.
> I really like systems to be regular and consistent. Is there a reason that
> the order of the fields in the rules file and the tos file are different both
> in order and in name? The same goes for the policy file where the RESULT
> field is at the other end of the line and has a different name. And is there
> a good reason to use SOURCE/DEST some places but CLIENT/SERVER others?
I plead guilty about the names of the columns. Over 32+ years in the
industry, I have mentally equated the terms SOURCE, CLIENT and REQUESTER;
I've also equated DESTINATION and SERVER. In conversation, I use the
equated terms more or less interchangeably even though there are some
subtle differences when they are used in the literature -- sorry.
As to the order of the columns, I tried to make the most significant item
relative to the algorithms the first column in the file -- remember, I don't
have a database system here so I put the 'primary key' at the beginning of
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com