Some Things that Shorewall Does Not Do

Tom Eastep

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

2005-02-20


Table of Contents

Shorewall Does not:
In Addition:

Shorewall Does not:

  • Act as a “Personal Firewall” that allows internet access by application.

  • Work with an Operating System other than Linux (version >= 2.4.0)

  • Act as a Proxy (although it can be used with a separate proxy such as Squid or Socks).

  • Do content filtering:

  • Set up Routing (except to support Proxy ARP)

  • Do Traffic Shaping/Bandwidth Management (although it provides hooks to interface to Traffic Control/Bandwidth Management solutions)

  • Configure/manage Network Devices (your Distribution includes tools for that).

In Addition:

  • Shorewall generally does not contain any support for Netfilter Patch-O-Matic-ng features or any other features that require kernel patching -- Shorewall only supports features from released kernels except in unusual cases.