[Shorewall-users] Shorewall 1.3 Beta 1

Tom Eastep teastep@shorewall.net
Fri, 17 May 2002 18:40:11 -0700 (Pacific Daylight Time)


On Fri, 17 May 2002, Steve Herber wrote:

> I started using a Cisco Pix firewall about three years ago and the
> main problem I had was understanding some of the syntax for the port
> forwarding rules.  What I really liked about shorewall was how simple
> the configuration files were for the simple cases.  But I have always
> had a problem with the rules file because of the multiple possibilities.
> Not that the possibilities are bad, but because the syntax, just like the
> Pix syntax, doesn't fit the way I look at network connections.  I agree
> with John that lots happens in the file.
>
> I really like systems to be regular and consistent.  Is there a reason that
> the order of the fields in the rules file and the tos file are different both
> in order and in name?  The same goes for the policy file where the RESULT
> field is at the other end of the line and has a different name.  And is there
> a good reason to use SOURCE/DEST some places but CLIENT/SERVER others?
>

I plead guilty about the names of the columns. Over 32+ years in the
industry, I have mentally equated the terms SOURCE, CLIENT and REQUESTER;
I've also equated DESTINATION and SERVER. In conversation, I use the
equated terms more or less interchangeably even though there are some
subtle differences when they are used in the literature -- sorry.

As to the order of the columns, I tried to make the most significant item
relative to the algorithms the first column in the file -- remember, I don't
have a database system here so I put the 'primary key' at the beginning of
the record.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net