
Yes, this is a wrapper and it persisted iptables well. But anyone that says Shorewall is just a wrapper probably just skimmed a manual and doesn’t understand the real genius here.

What Shorewall really did was make iptables feel like a polished, usable firewall. iptables on its own is shit to work with. Shorewall made it easy to use in so many cases.

Congrats on your retirement and thanks for a great tool that I used for many years.



Not to shit on the author of Shorewall, but I have to disagree: iptables is not shit to work on. Nor is iproute2. Or any of the low-level tools. They all have a place in the world.


Shorewall is probably a nice tool but I have to agree. iptables (and netfilter thereof) are good to work with. In larger setups we used fwbuilder for generating the policy but it always boils down to understanding iptables & netfilter.



