Strictly speaking, Shorewall is not a firewall itself: it is a front end that turns a handful of readable configuration files into the iptables rules that do the actual filtering.
- First install shorewall: “$ apt-get install shorewall”
- Change into /etc/shorewall
- Copy the example files from /usr/share/doc/shorewall-common/default-config/ (might also be located in /usr/share/doc/shorewall/default-config/): “$ cp /usr/share/doc/shorewall-common/default-config/* .”
- Edit the files so they reflect your own interfaces and network zones
- First create zones: “$ nano zones”
#ZONE   TYPE       OPTIONS   IN OPTIONS   OUT OPTIONS
fw      firewall
net     ipv4
vpn     ipv4
- Connect zones with interfaces: “$ nano interfaces”
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,blacklist,dhcp
vpn     tun0        -
- Create policies (the default action between each pair of zones): “$ nano policy”
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
fw        net    ACCEPT
vpn       net    ACCEPT
vpn       fw     ACCEPT
fw        vpn    ACCEPT
net       all    DROP     info
all       all    DROP     info
- Create rules (exceptions to the policies, here opening SSH and HTTP from the net zone to the firewall): “$ nano rules”
#ACTION   SOURCE   DEST   PROTO   DEST      SOURCE    ORIGINAL   RATE    USER/
#                                 PORT(S)   PORT(S)   DEST       LIMIT   GROUP
ACCEPT    net      fw     tcp     22        # ssh
ACCEPT    net      fw     tcp     80        # web
- Verify that the configuration compiles without errors: “$ shorewall check”
- Edit /etc/default/shorewall and set startup to 1
# prevent startup with default configuration
# set the following variable to 1 in order to allow Shorewall to start
startup=1
- Start the firewall: “$ /etc/init.d/shorewall start”
If you later update rules, zones or any other file, run “$ /etc/init.d/shorewall restart” to load the changes.
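As an added example (not part of the original post), the script below is a small sanity pass a practitioner can run over the four files edited above before “shorewall check”: it confirms that every zone referenced in interfaces, policy and rules is declared in zones, and that policy ends with a catch-all “all all” DROP/REJECT line so unmatched traffic is never silently allowed. The sample files it builds in a temporary directory are constructed here to mirror the post's listings; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: a sanity pass over the four files
# edited above, run before "shorewall check". It confirms that every zone used in
# interfaces, policy and rules is declared in zones, and that policy ends with a
# catch-all "all all" DROP/REJECT so unmatched traffic is never silently allowed.
# Zones in source/dest columns may carry ":host" qualifiers; those are stripped.
set -e

# zone_names DIR -> declared zone names, one per line (comment lines skipped)
zone_names() {
    awk '!/^#/ && NF { print $1 }' "$1/zones"
}

# undeclared_zones DIR -> zones referenced but never declared (empty when clean)
undeclared_zones() {
    dir=$1
    {
        awk '!/^#/ && NF { print $1 }' "$dir/interfaces"
        awk '!/^#/ && NF { print $1; print $2 }' "$dir/policy"
        awk '!/^#/ && NF { sub(/:.*/, "", $2); sub(/:.*/, "", $3); print $2; print $3 }' "$dir/rules"
    } | grep -v '^all$' | sort -u | while read -r z; do
        zone_names "$dir" | grep -qx "$z" || echo "$z"
    done
}

# catchall_ok DIR -> exit 0 only if the last policy entry is "all all DROP|REJECT"
catchall_ok() {
    awk '!/^#/ && NF { last = $1 " " $2 " " $3 }
         END { exit !(last == "all all DROP" || last == "all all REJECT") }' "$1/policy"
}

# check_config DIR -> 0 when both checks pass, 1 (with a reason on stderr) otherwise
check_config() {
    bad=$(undeclared_zones "$1")
    [ -z "$bad" ] || { echo "undeclared zone(s): $bad" >&2; return 1; }
    catchall_ok "$1" || { echo "policy lacks a final 'all all DROP/REJECT' line" >&2; return 1; }
}

# Constructed sample config mirroring the post's listings (not a real /etc/shorewall)
SAMPLE=$(mktemp -d)
printf 'fw firewall\nnet ipv4\nvpn ipv4\n' > "$SAMPLE/zones"
printf 'net eth0 detect tcpflags,blacklist,dhcp\nvpn tun0 -\n' > "$SAMPLE/interfaces"
printf 'fw net ACCEPT\nvpn net ACCEPT\nvpn fw ACCEPT\nfw vpn ACCEPT\nnet all DROP info\nall all DROP info\n' > "$SAMPLE/policy"
printf 'ACCEPT net fw tcp 22\nACCEPT net fw tcp 80\n' > "$SAMPLE/rules"

check_config "$SAMPLE" && echo "sample config passes the sanity pass"
```

Point the functions at /etc/shorewall instead of the sample directory to run the same checks on a live configuration; it complements “shorewall check”, which validates syntax but will happily accept a policy file with no catch-all.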