Wow, the lead developer/maintainer Thomas M. Eastep of the #Shorewall firewall tool is now about 81 years old, so he made his last commit in 2024 at about 79.

(extrapolated from https://sourceforge.net/p/shorewall/mailman/message/35458915/ )

Re: [Shorewall-users] NFTables on the roadmap? | Shoreline Firewall (Shorewall)

Has anyone ever built their own router? I was thinking: DSL modem (ALLnet) -> Raspberry Pi with RMN520N HAT.

#router #diyrouter #openwrt #linux #archlinux #shorewall #modem #RaspberryPi

On the weekend, I switched on a #foomuuri #nftables firewall.

I have been using #shorewall for so long that it is in my fingers.

Foomuuri is likeable and capable. I am finding my way around her peculiarities. Definitely stepping forward into it rather than falling back on my comfortable habits.

#debian

@JulianOliver I guess it's the same as with physics: classical mechanics works fine until you need more detail and use quantum instead.

For deep level but still with a patina of abstraction I suggest #ShoreWall. A shame the config language won't ever evolve from text-based tables, but definitely better than writing ip/nftables rules by hand, and IIRC¹ it has a try mode that rolls back in case you get kicked out.

¹ I think I used it once, but it's been a looong while since I last touched my FW.

#FOSS #Linux #Firewall #Security #NetSec

Just finished migrating from #Shorewall (iptables) firewall configurator to #foomuuri (nftables) in my personal #Debian Sid laptop.

Took about four-five hours or so.

Ruleset is now shorter and actually easier to read. I have a paranoid setup where even outgoing AND localhost traffic is filtered...

Feels refreshing after the upgrade 👍 . And it's simply just a great piece of #OpenSource software engineering:

https://github.com/FoobarOy/foomuuri

GitHub - FoobarOy/foomuuri: Multizone bidirectional nftables firewall


Moved my servers from #shorewall to #nftables. Everything has become so much simpler and more logical!

@0xDEADBEEF thanks for mentioning #Shorewall 👍 After taking a close look it seems that it won't provide added value compared to using #nftables directly, at least for my needs. Also I didn't see any new commits (https://gitlab.com/shorewall/code/-/commits/master) for more than a year on the project so I'm not sure if it's either super stable or no longer actively maintained?
Commits · master · shorewall / code · GitLab


#til

* #shorewall, the trusty #linux #firewall you can simply describe in a few config files, has a `try` command to set up the firewall for a while and tear it down again after a timeout. Very good for configuring the firewall remotely; combine with ssh and #screen. I still lick my scars from the night I did the cowboy thing, tried to set up a firewall by hand, and the first thing I did was to `DROP` all packets. I lost a good job opportunity because of that. #NeverAgain

If you've followed our recent posts, you already know that we gave Shorewall a try to tidy up our VPN firewall rules and gain a full overview of our configuration. Our migration to Shorewall has been successful and we'd like to share some insights into our configuration:

"Keeping the Wireguard VPN firewall clear with Shorewall" - https://blog.zero-iee.com/en/posts/vpn-firewall-shorewall/

Shorewall by Tom Eastep is just perfect for small to mid-size firewall deployments that are mostly static and not too complex. One of our developers uses OPNsense and pfSense for more complex scenarios in his private projects.

Which firewall / configuration tool do you use and why?

#shorewall #firewall #wireguard #vpn #teamzero #zeroiee #blog #techblog #linux #debian

Keeping the Wireguard VPN firewall clear with Shorewall

In our previous article we introduced the iptables firewall for our Wireguard VPN server. The firewall regulates which traffic is permitted between the individual customer VPNs and the management VPN and prevents access that poses a security risk. Although it is possible to manage these rules using the iptables command line tools, it quickly becomes confusing and difficult to understand, especially for outsiders. We have therefore tested the firewall configuration using the “Shorewall” tool and found it to be suitable.

We're currently evaluating Shorewall [1] as a firewall / iptables configuration tool.

Configuring iptables manually [2] works, but can get messy and thus is error-prone. For our VPN server with its many customer VPNs, we are looking for a clearer solution that can be easily configured via configuration files. One of our developers has already used Shorewall and is impressed by the software. It was therefore a natural decision to take a look at it.

Initial experiments have gone well!

[1]: https://shorewall.org/
[2]: https://blog.zero-iee.com/posts/multi-tenant-wireguard-vpn-server/

#wireguard #shorewall #foss #server #vpn #firewall

Shoreline Firewall (Shorewall)