Shoreline Firewall 3.2.6 review



License: GPL (GNU General Public License)
Developer: Thomas M. Eastep

Shoreline Firewall, more commonly known as “Shorewall”, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files.

Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.

Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

Shorewall is not a daemon. Once Shorewall has configured Netfilter, its job is complete and there is no “Shorewall process” left running in your system.

Here are some key features of "Shoreline Firewall":
Uses Netfilter's connection tracking facilities for stateful packet filtering.
Can be used in a wide range of router/firewall/gateway applications.
- Completely customizable using configuration files.
- No limit on the number of network interfaces.
- Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones.
- Multiple interfaces per zone and multiple zones per interface permitted.
- Supports nested and overlapping zones.
QuickStart Guides (HOWTOs) to help get your first firewall up and running quickly
A GUI is available via Webmin 1.060 and later (
Extensive documentation is available in both XML and HTML formats.
Flexible address management/routing support (and you can use all types in the same firewall):
- Masquerading/SNAT.
- Port Forwarding (DNAT).
- One-to-one NAT.
- Proxy ARP.
- NETMAP (requires a 2.6 kernel or a patched 2.4 kernel).
Blacklisting of individual IP addresses and subnetworks is supported.
Operational Support.
- Commands to start, stop and clear the firewall
- Supports status monitoring with an audible alarm when an “interesting” packet is detected.
- Wide variety of informational commands.
VPN Support.
- IPSEC, GRE, IPIP and OpenVPN Tunnels.
- PPTP clients and Servers.
Support for Traffic Control/Shaping integration (although Shorewall itself contains no Traffic/Bandwidth control facilities).
Wide support for different GNU/Linux Distributions.
- RPM and Debian packages available.
- Includes automated install, upgrade, fallback and uninstall facilities for users who can't use or choose not to use the RPM or Debian packages.
- Included as a standard part of LEAF/Bering (router/firewall on a floppy, CD or compact flash).
Media Access Control (MAC) Address Verification.
Traffic Accounting.
Bridge/Firewall support (requires a 2.6 kernel or a patched 2.4 kernel).

What's New in This Release:
Fix echo problem.
Fix tcrules handling.
Fix LOGFORMAT whitespace problem.
Fix policy match/norfc1918.
Implement -c option to [re]load command.
Remove optimization that suppressed ACCEPT part of a nat rule when the policy was ACCEPT.
Fix silly "all+" buglet.
Suppress ingress qdisc creation if IN-BANDWIDTH == 0.
Don't return error status on 'start' when Shorewall is already started.
Re-order operations in the scripts.
Fix Maclist embarrassment from 3.2.5.
Fix progress messages in add and delete.
Collapse 'action' and 'action:none' into a single chain.
Fix IPSETS_SAVE=Yes bug.
Fix zone definition via ipsets when BRIDGING=No.
