Nice write-up. I have a very similar setup, only I didn't delve into the netflow montioring/traffic shaping because it seemed a bit overkill for my needs.

Have you given any thought about what you might do with respect to Shorewall, given the this news?

Even assuming the worst - that is, that Shorewall development completely stalls - the firewall is fully functional for me and I haven't hit any show-stopping bugs, so my plan is to continue using it until it breaks somewhere down the line. After the many years of development that've gone into Shorewall, the dividends it pays now are the years and years of hardening that have let it age into a solid, reliable tool. My needs aren't really pushing the envelope of what Shorewall can do (just a home network gateway), so my hope is that I won't bump into anything esoteric in the meantime.

That's a good point. I suppose as long as I'm careful with updates, I should be able to leave it alone until there's a long-lost security bug found.

I used your post, thanks for your hard work!

that's the one! much thanks