enloop
Posted December 31, 2003

After using a variety of Linux flavors for several years, I've recently purchased and installed Mandrake 9.2 (the PowerPack box). I've noticed that both iptables and Shorewall are installed by default. Why? I've also noticed that both Shorewall and iptables are set to run at boot, but Mandrake's GUI tool shows iptables as "Stopped" and ignores a "Start" command. Again, why? To enable Mandrake's "personal firewall" on a single desktop, do I need to run both Shorewall and iptables? Or just one? What's their relationship?

fuzzylizard
Posted December 31, 2003

From what I understand, iptables is what a firewall like Shorewall will use to enforce all its rules. There are two main methods of creating a firewall on Linux -- ipchains and iptables. IPChains was used with the 2.2.x kernel and has now been replaced with iptables. Any program that creates a firewall will, therefore, use one of those two technologies. All the firewall programs really do is make the creation of iptables rules easier. They can be quite cryptic and difficult to set up correctly. As for why iptables is labeled as stopped, I cannot say, as I don't run a firewall on my Linux box. Hope that helps a bit though.

roland
Posted December 31, 2003

Yes, firewalls are just "front ends" for iptables. On our server at work, running Mandy 9.1, iptables is stopped too. Must be normal.

by roland

bvc
Posted December 31, 2003

Shorewall is a wrapper/controller of iptables. I guess iptables is stopped because Shorewall is running it? But yes, they both need to be set at boot to function properly under Shorewall's control.

Catfisherman
Posted January 1, 2004

iptables only runs at boot and sets the rules that are used. I know I was thinking the same thing, that if it says stopped that it meant that the firewall wasn't running, but that's not true. iptables is run when you boot to set the rules; the only time that it is run after boot is if you change your rules, at least that's how it was explained to me. You can check to see if your rules are working by going to grc.com, at least that's where I check, among other sites.

iphitus
Posted January 1, 2004

As others have said, Shorewall is a frontend. Inside the kernel there is Netfilter; this is what does all the filtering, but Netfilter is very dumb, so the iptables kernel module is loaded to tell it what to do. iptables isn't always that easy to use, though, so people made frontends like Shorewall, Firestarter and others. Anyway, my point is that iptables is a module; the iptables service loads it and then dies. The service is not a terminate-and-stay-resident program (meaning one that keeps on running, like Apache). It just loads a kernel module.

Edited January 1, 2004 by iphitus

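The posts above explain that the iptables init script only loads rules and exits, so a "Stopped" status says nothing about whether filtering is in place. As an added example (not written by any poster in this thread), the script below judges that from the ruleset itself, read in `iptables-save` format; the two sample rulesets and the chain name `net2fw` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads iptables-save output on stdin; never changes the ruleset.

# Print "active" if the filter table holds any rule, or any built-in chain
# has a policy other than ACCEPT; otherwise print "empty".
firewall_state() {
    awk '
        /^[*]/ { table = substr($0, 2); next }     # "*filter" opens a table
        table != "filter" { next }
        # Chain header, e.g. ":INPUT DROP [0:0]"; user chains have policy "-"
        /^:/ { if ($2 != "-" && $2 != "ACCEPT") strict++; next }
        /^-A / { rules++ }
        END { print ((rules > 0 || strict > 0) ? "active" : "empty") }
    '
}

# Print "<chain> <rule count>" for every filter chain that has rules.
chain_rule_counts() {
    awk '
        /^[*]/ { table = substr($0, 2); next }
        table == "filter" && /^-A / { n[$2]++ }
        END { for (c in n) print c, n[c] }
    ' | LC_ALL=C sort
}

# Constructed sample: rules loaded by a frontend (not captured from a real host).
sample_loaded() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:net2fw - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j net2fw
-A net2fw -m state --state RELATED,ESTABLISHED -j ACCEPT
-A net2fw -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: nothing loaded, every policy ACCEPT.
sample_flushed() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

echo "loaded sample:  $(sample_loaded | firewall_state)"
sample_loaded | chain_rule_counts
echo "flushed sample: $(sample_flushed | firewall_state)"
```

On a live system the same check is `iptables-save | firewall_state`, run as root.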