SHOREWALL
By Dhoto, Revised by Idris
Shorewall
Shorewall: a tool for building a firewall
Variables: interfaces, zones, rules
Interfaces
# ifconfig --> eth0
Zones
Your network --> Net
Your Server --> fw
Rules
from fw to Net --> Ok / Accept
from Net to fw --> access denied / drop
from other --> access denied / drop
Installation
Remove these packages:
:~# apt-get remove portmap
:~# apt-get remove nfs-common
:~# apt-get remove pidentd
Install text editor:
:~# apt-get install vim
:~# apt-get install mc
Install iptables:
:~# apt-get install iptables
Watch your firewall:
:~# iptables -nL
Install Shorewall:
:~# apt-get remove --purge shorewall
:~# apt-get install shorewall
Install documentation:
:~# apt-get remove --purge shorewall-doc
:~# apt-get install shorewall-doc
Configuration
Go to the shorewall directory:
:~# cd /etc/shorewall
Look inside:
:/etc/shorewall# ls
:/etc/shorewall# iptables -nL
Copy the example from the shorewall examples:
# cp /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
# cd /etc/shorewall/
# gunzip *.gz
Change /etc/default/shorewall from
startup=0
to
startup=1
# vim /etc/default/shorewall
Change the startup value.
Activate the firewall
Do this:
# /etc/init.d/shorewall start
Watch your firewall:
# iptables -nL | less
RFC1918 for Private IP
By default Shorewall allows only public IPs.
# vim /etc/shorewall/interfaces
Remove norfc1918: change
net eth0 detect norfc1918,routefilter,dhcp,tcpflags
to
net eth0 detect routefilter,dhcp,tcpflags
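The norfc1918 edit above, done with a script instead of by hand. This is an added example, not part of the original slides; the function names strip_iface_option and has_iface_option are hypothetical, and the sample input is constructed from the line shown in the slide.

```shell
#!/bin/sh
# Added example (not from the slides): remove one option from the OPTIONS
# column (4th field) of a Shorewall interfaces file read on stdin.
strip_iface_option() {
    awk -v opt="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }  # keep comments, blank lines
        NF < 4                   { print; next }  # line has no OPTIONS column
        {
            n = split($4, have, ",")
            out = ""
            for (i = 1; i <= n; i++)
                if (have[i] != opt)
                    out = out (out == "" ? "" : ",") have[i]
            if (out == "") out = "-"              # "-" marks an empty column
            $4 = out
            print
        }'
}

# Exit 0 if OPTION is still set on interface IFACE (2nd field), else 1.
has_iface_option() {
    awk -v ifc="$1" -v opt="$2" '
        /^[ \t]*#/ { next }
        $2 == ifc && NF >= 4 {
            n = split($4, have, ",")
            for (i = 1; i <= n; i++) if (have[i] == opt) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed sample input, modelled on the line shown in the slide.
sample='# ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect norfc1918,routefilter,dhcp,tcpflags'

printf '%s\n' "$sample" | strip_iface_option norfc1918
```

Run it on a copy of /etc/shorewall/interfaces, then validate the result with shorewall check before restarting the firewall.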
Activate some connections in rules
Permit HTTP connections to the server:
# vim /etc/shorewall/rules
Go to the bottom and add the rule:
ACCEPT all fw tcp 80
Restart the firewall:
# /etc/init.d/shorewall restart
Thank you