SHOREWALL

By DhotoRevised by Idris

Shorewall

Shorewall tools for building a firewall variable : interfaces, zones, rules

Shorewall

Interfaces

# ifconfig --> eth0

Zones

Your network --> Net Your Server --> fw

Rules

from fw to Net --> Ok / Accept from Net to fw --> access denied / drop from other --> access denied / drop

Installation

Remove :~# apt-get remove portmap :~# apt-get remove nfs-common :~# apt-get remove pidentd

Installation

Install text editor :~# apt-get install vim :~# apt-get install mc

Installation

Install iptables :~# apt-get install iptables

watch your firewall :~# iptables -nL

Installation

Install Shorewall :~# apt-get remove –purge shorewall :~# apt-get install shorewall

Install documentation :~# apt-get remove –purge shorewall :~# apt-get install shorewall-doc

Configuration goto shorewall directory

:~# cd /etc/shorewall look inside

:/etc/shorewall# ls :/etc/shorewall# iptables -nL

Configuration

copy example from shorewall examples # cp /usr/share/doc/shorewall/examples/one-

interface/* /etc/shorewall/ # cd /etc/shorewall/ # gunzip *.gz

Configuration

Change /etc/default/shorewall from

startup=0

to

startup=1 # vim /etc/default/shorewall

change the startup

Activate the firewall

do this

# /etc/init.d/shorewall start watch your firewall

# iptables –nL | less

RFC1918 for Private IP

default shorewall allow Public-IP # vim /etc/shorewall/interfaces

remove norfc1918 net eth0 detect

norfc1918,routefilter,dhcp,tcpflags to

net eth0 detect routefilter,dhcp,tcpflags

activate some connection on rules

permit http connection to server #vim /etc/shorewall/rules

get to the bottom, add the rules ACCEPT all fw tcp 80

Restart the firewall # /etc/init.d/shorewall restart

Thank you