whissi@gentoo.org Thomas Deutschmann netmon@gentoo.org Gentoo network monitoring and analysis project The Shoreline Firewall, more commonly known as "Shorewall", is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities. Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and there is no "Shorewall process" left running in your system. The /usr/sbin/shorewall program can be used at any time to monitor the Netfilter firewall. http://shorewall.net/Documentation_Index.html shorewall Adds the capability to place the firewall in a safe state prior to bringing up the network interfaces Installs everything needed to create a full IPv4 firewall Adds the capability to create a full IPv6 firewall (requires net-firewall/shorewall ipv4 USE flag) Installs everything needed to just *run* an IPv4 compiled firewall script created with net-firewall/shorewall ipv4 USE flag Installs everything needed to just *run* an IPv6 compiled firewall script created with net-firewall/shorewall ipv6 USE flag