O > Block everything is just about the most sensible default I can think of, > given that there's no port that all or even most users will want open.
Agreed. It is the most secure option. But what are you with a firewall which doesn't allow you to use the Internet? A firewall which you can use, but only if you have studied security for a lifetime? The configuration of Shorewall is easy, but for experts only. It's about time an easy Shorewall configuration is available, if Shorewall wants to become a usable firewall for the "normal" user. As I am sure, it is a good piece of software. Toran
