At 2/6/2025 02:25 PM, Winston wrote:
>Shorewall (and Shorewall6) has been fantastic to me, as a multi-ISP user.
>I'm deeply indebted to Tom for this fantastic tool, and all the work he put
>into the documentation especially. Nothing else seems to come close to
>ease-of-configuration and maintenance. I'm dreading the day when Debian (or
>the kernel itself) moves iptables from deprecated to discarded, and I know
>that nftables is the future, but I'm still yet waiting for something that even
>comes close before I risk destabilizing everything my home system relies upon.
>
>Tom, if you're reading this, can I ask - are you still running your own
>systems, and what you expect to be shifting to yourself?

I have used shorewall since I can't remember. I struggled quite a while (4 years) trying to find an alternative to shorewall. Nothing was right for me and nothing compared to shorewall, until foomuuri came along. Yes, systemd is likely needed. foomuuri is still young but I see it as my path forward with nftables.

As for iptables going obsolete, on my previous Debian (bookworm) router using shorewall, typing:

    nft list ruleset

I see that the shorewall iptables was converted to nftables anyway via iptables-nft. So as long as iptables-nft exists, shorewall should be converting to nftables.

I have now converted to foomuuri and find it was relatively painless, including ulogd2 logging. I also found adding blocklists fairly convenient with automatic daily updates.

https://blog.frehi.be/2024/11/30/protecting-your-server-from-known-bad-ips-with-foomuuri-iplists/

and other things from https://blog.frehi.be/ - a former shorewall user.

Wayne

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users