Quotes from Users

Tom Eastep

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.


Table of Contents

What Users are saying...

What Users are saying...


I want to say that Shorewall documentation is the best I've ever found on the net. It's helped me a lot in understanding how network is working. It is the best of breed. It contains not only Shorewall specific topics with the assumption that all the rest is well known, but also gives some very useful background information. Thank you very much for this wonderful piece of work.

 --AS, Poland

I have fought with IPtables for untold hours. First I tried the SUSE firewall, which worked for 80% of what I needed. Then gShield, which also worked for 80%. Then I set out to write my own IPtables parser in shell and awk, which was a lot of fun but never got me past the hey, cool stage. Then I discovered Shorewall. After about an hour, everything just worked. I am stunned, and very grateful

 --ES, Phoenix AZ, USA

In two words, I'd call Shorewall "brilliant simplicity". Define general rules of what it is you want to do, and let the software determine the specific rules on how to implement it. It's great only having to define specific rules for specific instances. I have a much higher degree of confidence in my firewall than I have had previously. Thank you for Shorewall!.

 --SE, California, USA

The configuration is intuitive and flexible, and much easier than any of the other iptables-based firewall programs out there. After sifting through many other scripts, it is obvious that yours is the most well thought-out and complete one available.

 --BC, USA

I just installed Shorewall after weeks of messing with ipchains/iptables and I had it up and running in under 20 minutes!

 --JL, Ohio

My case was almost like [the one above]. Well. instead of weeks it was months for me, and I think I needed two minutes more:

  • One to see that I had no Internet access from the firewall itself.

  • Other to see that this was the default configuration, and it was enough to uncomment a line in /etc/shorewall/policy.

Minutes instead of months! Congratulations and thanks for such a simple and well documented thing for something as huge as iptables

 --JV, Spain

I downloaded Shorewall 1.2.0 and installed it on Mandrake 8.1 without any problems. Your documentation is great and I really appreciate your network configuration info. That really helped me out alot. THANKS!!!


[Shorewall is a] great, great project. I've used/tested may firewall scripts but this one is till now the best.

 --B.R, Netherlands

Never in my +12 year career as a sys admin have I witnessed someone so relentless in developing a secure, state of the art, safe and useful product as the Shorewall firewall package for no cost or obligation involved.

 --Mario Kerecki, Toronto

one time more to report, that your great shorewall in the latest release 1.2.9 is working fine for me with SUSE Linux 7.3! I now have 7 machines up and running with shorewall on several versions - starting with 1.2.2 up to the new 1.2.9 and I never have encountered any problems!

 --SM, Germany

You have the best support of any other package I've ever used.

 --SE, US

Because our company has information which has been classified by the national government as secret, our security doesn't stop by putting a fence around our company. Information security is a hot issue. We also make use of checkpoint firewalls, but not all of the Internet servers are guarded by checkpoint, some of them are running....Shorewall.

 --Name withheld by request, Europe

thanx for all your efforts you put into shorewall - this product stands out against a lot of commercial stuff i´ve been working with in terms of flexibility, quality & support

 --RM, Austria

I have never seen such a complete firewall package that is so easy to configure. I searched the Debian package system for firewall scripts and Shorewall won hands down.

 --RG, Toronto

My respects... I've just found and installed Shorewall 1.3.3-1 and it is a wonderful piece of software. I've just sent out an email to about 30 people recommending it. :-)

While I had previously taken the time (maybe 40 hours) to really understand ipchains, then spent at least an hour per server customizing and carefully scrutinizing firewall rules, I've got shorewall running on my home firewall, with rule sets and policies that I know make sense, in under 20 minutes.

 --RP, Guatemala


Frequently Used Articles

- FAQs - IPv4 Manpages - IPv6 Manpages - Configuration File Basics - Beginner Documentation - Troubleshooting

Shorewall 4.0/4.2 Documentation

Current HOWTOs and Other Articles

- 6to4 and 6in4 Tunnels - Accounting - Actions - Aliased (virtual) Interfaces (e.g., eth0:0) - Anatomy of Shorewall - Anti-Spoofing Measures - AUDIT Target support - Bandwidth Control - Blacklisting/Whitelisting - Bridge/Firewall - Building Shorewall from GIT - Commands - Compiled Programs - Configuration File Basics - DHCP - DNAT - Dynamic Zones - ECN Disabling by host or subnet - Events - Extension Scripts - Fallback/Uninstall - FAQs - Features - Fool's Firewall - Forwarding Traffic on the Same Interface - FTP and Shorewall - Helpers/Helper Modules - Installation/Upgrade - IPP2P - IPSEC - Ipsets - IPv6 Support - ISO 3661 Country Codes - Kazaa Filtering - Kernel Configuration - KVM (Kernel-mode Virtual Machine) - Limiting Connection Rates - Linux Containers (LXC) - Linux-vserver - Logging - Macros - MAC Verification - Manpages (IPv4) (IPv6) - Manual Chains - Masquerading - Multiple Internet Connections from a Single Firewall - Multiple Zones Through One Interface - My Shorewall Configuration - Netfilter Overview - Network Mapping - No firewalling of traffic between bridge port - One-to-one NAT - Operating Shorewall - OpenVPN - OpenVZ - Packet Marking - Packet Processing in a Shorewall-based Firewall - 'Ping' Management - Port Forwarding - Port Information - Port Knocking (deprecated) - Port Knocking, Auto Blacklisting and Other Uses of the 'Recent Match' - PPTP - Proxy ARP - QuickStart Guides - Release Model - Requirements - Routing and Shorewall - Routing on One Interface - Samba - Shorewall Events - Shorewall Init - Shorewall Lite - Shorewall on a Laptop - Shorewall Perl - Shorewall Setup Guide - SMB - SNAT - Split DNS the Easy Way - Squid with Shorewall - Starting/stopping the Firewall - Static (one-to-one) NAT - Support - Tips and Hints - Traffic Shaping/QOS - Simple - Traffic Shaping/QOS - Complex - Transparent Proxy - UPnP - Upgrade Issues - Upgrading to Shorewall 4.4 (Upgrading Debian Lenny to Squeeze) - VPN - VPN Passthrough - White List Creation - Xen - Shorewall in a Bridged Xen DomU - Xen - Shorewall in Routed Xen Dom0

Top of Page