A Sure Way to Securing Linux - Shoreline
If you have been searching for a capable and non-commercial/free firewall tool for Linux, Shoreline Firewall, also known as “Shorewall”, may be a good choice. Shorewall uses iptables to configure Netfilter in Linux; for experienced users, all that an administrator has to do is describe the firewall or gateway requirements using entries in a set of configuration files, and Shorewall reads these files. Shorewall, with the help of the iptables utility, configures Netfilter to match the user-defined requirements. Administrators and even ordinary Linux users can build dedicated firewall systems, multi-function gateways, routers or servers.
How does it do all this? It does not use Netfilter’s ipchains compatibility mode; instead it takes advantage of Netfilter’s connection state tracking capabilities. It is still not a daemon: once Netfilter has been configured via Shorewall, no “process” related to Shorewall is left running on the system. Shorewall also provides
Shorewall Features:
- Uses Netfilter’s connection tracking facilities for stateful packet filtering, and thus can be used in a wide range of router/firewall/gateway applications.
- Completely customizable using configuration files.
- No limit on the number of network interfaces.
- Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones.
- Multiple interfaces per zone and multiple zones per interface permitted.
- Supports nested and overlapping zones.
- Extensive documentation is available in both XML and HTML formats, including QuickStart Guides and HowTos.
- A GUI is available via Webmin 1.060 and later (http://www.webmin.com).
- Flexible address management/routing support (and you can use all types in the same firewall):
  - Masquerading/SNAT.
  - Port Forwarding (DNAT).
  - One-to-one NAT.
  - Proxy ARP.
  - NETMAP (requires a 2.6 kernel or a patched 2.4 kernel).
- Blacklisting of individual IP addresses and subnetworks is supported.
- Operational Support.
  - Commands to start, stop and clear the firewall.
  - Supports status monitoring with an audible alarm when an “interesting” packet is detected.
  - Wide variety of informational commands.
- VPN Support.
  - IPSEC, GRE, IPIP and OpenVPN tunnels.
  - PPTP clients and servers.
- Support for Traffic Control/Shaping integration.
- Wide support for different GNU/Linux Distributions.
  - RPM and Debian packages available.
  - Includes automated install, upgrade, fallback and uninstall facilities for users who can’t use or choose not to use the RPM or Debian packages.
  - Included as a standard part of LEAF/Bering (router/firewall on a floppy, CD or compact flash).
- Media Access Control (MAC) Address Verification.
- Traffic Accounting.
- Bridge/Firewall support (requires a 2.6 kernel or a patched 2.4 kernel).
