Shorewall
Shorewall is a highly flexible firewall. Its configuration can be found in /etc/shorewall.
Installation
To install Shorewall:
    sudo apt-get install shorewall
Define the interfaces in /etc/shorewall/interfaces:
    net eth0 detect routefilter,tcpflags
Define the zones in /etc/shorewall/zones:
    fw firewall
    net ipv4
Define the default policies in /etc/shorewall/policy:
    net all DROP
    fw all ACCEPT
Define the rules in /etc/shorewall/rules:
    #SECTION ALL
    #SECTION ESTABLISHED
    #SECTION RELATED
    SECTION NEW
    Invalid(DROP) net all
    DNS(ACCEPT) $FW net
    SSH(ACCEPT) all $FW
    Ping(ACCEPT) net $FW
Test the configuration:
    sudo shorewall check
Apply the configuration:
    sudo shorewall start
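A read-only audit of the policy and rules files defined above, as an added example that is not part of the original page: it reports the default policy for a zone pair and which ACCEPT rules admit traffic from a zone into the firewall. The function names `policy_for` and `accepted_into_fw` and the temp-dir sample are constructed for illustration; it assumes whitespace-separated columns and that `all` covers the firewall zone.

```shell
#!/bin/sh
# Added example: list what the rules file lets into the firewall from a zone,
# and the default policy for everything else. Read-only; needs no root.

# policy_for POLICY_FILE SRC DST: print the first matching policy (first match
# wins). Zone names are compared as written in the file.
policy_for() {
    awk -v s="$2" -v d="$3" '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines, comments
        ($1 == s || $1 == "all") && ($2 == d || $2 == "all") { print $3; exit }
    ' "$1"
}

# accepted_into_fw RULES_FILE SRC_ZONE FW_ZONE: print each ACCEPT action or
# macro whose source covers SRC_ZONE and whose destination covers the firewall.
accepted_into_fw() {
    awk -v s="$2" -v fw="$3" '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines, comments
        $1 ~ /^\??SECTION$/ { next }                  # SECTION / ?SECTION headers
        {
            src = $2; dst = $3
            sub(/:.*/, "", src); sub(/:.*/, "", dst)  # drop :host qualifiers
            if (dst == "$FW") dst = fw                # $FW names the firewall zone
            accept = ($1 ~ /^ACCEPT/ || $1 ~ /\(ACCEPT\)$/)
            if (accept && (src == s || src == "all") && (dst == fw || dst == "all"))
                print $1
        }
    ' "$1"
}

# Constructed sample: the policy and rules files from this page, in a temp dir.
cfg=$(mktemp -d)
cat > "$cfg/policy" <<'EOF'
net all DROP
fw all ACCEPT
EOF
cat > "$cfg/rules" <<'EOF'
#SECTION ALL
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
Invalid(DROP) net all
DNS(ACCEPT) $FW net
SSH(ACCEPT) all $FW
Ping(ACCEPT) net $FW
EOF

echo "default net -> fw policy: $(policy_for "$cfg/policy" net fw)"
echo "accepted from net into the firewall:"
accepted_into_fw "$cfg/rules" net fw
```

To audit the live configuration, point the functions at /etc/shorewall/policy and /etc/shorewall/rules instead of the temp directory.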
Start
    sudo /etc/init.d/shorewall start
Stop
    sudo /etc/init.d/shorewall stop
Disable
    sudo sed -i 's/startup=1/startup=0/g' /etc/default/shorewall
Enable
    sudo sed -i 's/startup=0/startup=1/g' /etc/default/shorewall
Responsible
Alexander Werner, Robert Einsle