
Shorewall is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files. Its documentation is hosted on shorewall.org, while the latest code is hosted at https://gitlab.com/shorewall/code.

Configuration

Shorewall is not a daemon: it does not run continuously, but instead configures rules in the kernel that allow or disallow traffic through the system. It is configured through a group of plain-text configuration files and does not have a graphical user interface, though a Webmin module is available separately. A monitoring utility packaged with Shorewall can be used to watch the status of the system as it operates and to assist in testing.

Use

Shorewall is mainly used in network installations (as opposed to a personal computer firewall), since most of its strength lies in its ability to work with "zones", such as the DMZ or a 'net' zone. Each zone would then have different rules, making it easy to have, for example, relaxed rules on the company intranet, yet clamp down on traffic coming in from the Internet.

The plain-text configuration files are usually well-commented and easy to use, though Shorewall may be more difficult for new users to handle than other firewall systems with graphical front-ends.

History

Starting with version 4, Shorewall began using a Perl-based compiler frontend; previously it used a shell-based compiler frontend. Support for IPv6 firewalling has been included since version 4.2.4.

On 18 February 2019, primary developer Tom Eastep announced that he was retiring from the project, and that 5.2.3 would be his final release. Management of the Shorewall project was handed over to a Shorewall committee, which would manage the future direction of the project. Tom Eastep, however, continued to be a major contributor to the Shorewall project as of September 2020.
