How do I use Shorewall as a Bridging Firewall?
Packet filters like Netfilter base their decisions on the contents of the various protocol headers at the front of each packet. Stateful packet filters (of which Netfilter is an example) use a combination of header contents and state created when the packet filter processed earlier packets. Netfilter (and Shorewall’s use of Netfilter) also considers the network interface(s) where each packet entered and/or where the packet will leave the firewall/router. When you specify a domain name in a Shorewall rule, the iptables program resolves that name to one or more IP addresses, and the actual Netfilter rules that are created are expressed in terms of those IP addresses.
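The load-time expansion described above can be audited from the defender's side. The following Python sketch is an added example, not Shorewall or iptables code: it expands a rule for a name into one address-based rule per resolved IP, then compares the addresses frozen in those rules with a later resolution. The name `updates.example.com`, the `AT_LOAD` and `LATER` resolvers and the documentation-range addresses are constructed so that it runs offline.

```python
import ipaddress
import re
import socket

def resolve_ipv4(name):
    """Resolve a name to its current IPv4 addresses (live DNS lookup)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def expand_rule(name, dport, resolver=resolve_ipv4):
    """Mimic load-time expansion: one address-based rule per resolved IP."""
    return [f"-A OUTPUT -d {ip}/32 -p tcp -m tcp --dport {dport} -j ACCEPT"
            for ip in resolver(name)]

def rule_destinations(rules):
    """Extract single-host -d addresses from iptables-save style lines."""
    found = set()
    for line in rules:
        m = re.search(r"(?:^|\s)-d\s+(\S+)", line)
        if m:
            net = ipaddress.ip_network(m.group(1), strict=False)
            if net.num_addresses == 1:
                found.add(str(net.network_address))
    return found

def drift(rules, name, resolver=resolve_ipv4):
    """Compare addresses frozen in the rules with the name's current answer."""
    loaded, current = rule_destinations(rules), set(resolver(name))
    return {"stale": sorted(loaded - current),    # still matched, no longer the host
            "missing": sorted(current - loaded)}  # host's new address, not matched

# Constructed sample resolvers (assumption): answers at rule load and later.
AT_LOAD = lambda name: ["192.0.2.10", "192.0.2.11"]
LATER = lambda name: ["192.0.2.11", "198.51.100.7"]

if __name__ == "__main__":
    rules = expand_rule("updates.example.com", 443, AT_LOAD)
    print("\n".join(rules))          # the name itself never appears in a rule
    print(drift(rules, "updates.example.com", LATER))
```

On a live firewall, the `rules` argument would be the lines printed by `iptables-save`, and the default resolver performs a real lookup.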