Caauwe Family Website Family Connection
Website Setup, Shorewall Firewall...
Follow the instructions below to install the Shorewall Firewall.  At the time of this writing, the version included with Debian Etch is 3.2.
  1. Log in to the server as root.
  2. Type: apt-get install shorewall
  3. When requested, enter 'y' to continue the installation.
  4. If needed, install the requested Debian CD and press enter.
  5. /etc/shorewall/shorewall.conf should not need to be changed.
  6. Type: cp /usr/share/doc/shorewall/default-config/* /etc/shorewall
    This will copy the example configuration files.
  7. Modify the following files (examples below)
        /etc/shorewall/zones
        /etc/shorewall/interfaces
        /etc/shorewall/hosts
        /etc/shorewall/rules
        /etc/shorewall/policy
        /etc/shorewall/actions (no changes for this config)
  8. Modify /etc/default/shorewall and set 'startup=1' (the variable name is lowercase in the file, as shown below)
  9. The log can be reviewed at: /var/log/shorewall-init.log
Filename: /etc/shorewall/zones
This file contains the zones of the network.
    ...
###############################################################################
#ZONE    TYPE        OPTIONS        IN            OUT
#                                   OPTIONS       OPTIONS
fw       firewall
loc      ipv4
net      ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
Filename: /etc/shorewall/interfaces
This file defines the Ethernet interfaces installed in the computer.  The example below is for the fc1 server.
    ...
###############################################################################
#ZONE   INTERFACE   BROADCAST       OPTIONS
-       eth0        192.168.254.101
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
Filename: /etc/shorewall/hosts
This file assigns address ranges on an interface to zones.  Here it separates the internal network (loc) from everything else (net).
    ...
###############################################################################
#ZONE   HOST(S)              OPTIONS
loc     eth0:192.168.0.0/16
net     eth0:0.0.0.0/0
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
Filename: /etc/shorewall/rules
This file specifies which ports will be open for the zones.
    ...
###############################################################################
#ACTION SOURCE    DEST    PROTO   DEST    SOURCE    ORIGINAL   RATE     USER/
#                                 PORT(S) PORT(S)   DEST       LIMIT    GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
ACCEPT  net       fw      tcp domain,www,https
ACCEPT  net       fw      udp domain
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
Filename: /etc/shorewall/policy
This file determines what should be done if there is no match in the 'rules' file.
    ...
###############################################################################
#SOURCE     DEST        POLICY      LOG     LIMIT:BURST
#                                  LEVEL
fw          all         ACCEPT
loc         all         ACCEPT
all         all         DROP
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
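The following added example (not part of the original page, and not Shorewall's own code) is a simplified Python model of how the hosts, rules and policy files above combine for a new connection to the firewall host: the source address is placed in the first matching zone in declaration order, the rules file is checked, and the policy file decides when no rule matches. The function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

# Transcribed from the hosts, rules and policy files shown on this page.
# Zone order follows /etc/shorewall/zones: loc is declared before net.
HOSTS = [("loc", "192.168.0.0/16"), ("net", "0.0.0.0/0")]
SERVICES = {"domain": 53, "www": 80, "https": 443}  # service names used in rules
RULES = [
    ("ACCEPT", "net", "fw", "tcp", ("domain", "www", "https")),
    ("ACCEPT", "net", "fw", "udp", ("domain",)),
]
POLICY = [("fw", "all", "ACCEPT"), ("loc", "all", "ACCEPT"), ("all", "all", "DROP")]


def zone_of(src_ip):
    """Return the first zone, in declaration order, whose range holds src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for zone, cidr in HOSTS:
        if addr in ipaddress.ip_network(cidr):
            return zone
    raise ValueError(f"{src_ip} is not covered by any hosts entry")


def verdict(src_ip, proto, dport, dest="fw"):
    """Return (source zone, action, deciding file) for a NEW connection."""
    src = zone_of(src_ip)
    for action, r_src, r_dst, r_proto, names in RULES:
        if (r_src, r_dst, r_proto) == (src, dest, proto) and \
                dport in {SERVICES[n] for n in names}:
            return src, action, "rules"
    for p_src, p_dst, action in POLICY:  # first matching policy line wins
        if p_src in (src, "all") and p_dst in (dest, "all"):
            return src, action, "policy"
    raise RuntimeError("policy file has no catch-all entry")


if __name__ == "__main__":
    # Constructed sample connections (documentation and private addresses).
    samples = [("203.0.113.7", "tcp", 80), ("203.0.113.7", "tcp", 22),
               ("203.0.113.7", "udp", 53), ("192.168.1.20", "tcp", 22)]
    for ip, proto, port in samples:
        print(ip, proto, port, "->", *verdict(ip, proto, port))
```

With this configuration every source address inside 192.168.0.0/16 arriving on eth0 is classified as loc and falls under the ACCEPT policy, so the two ACCEPT rules only restrict traffic from the net zone.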
Filename: /etc/default/shorewall
This file contains the indicator that will start the firewall.
# prevent startup with default configuration
# set the below variable to 1 in order to allow shorewall to start
startup=1
    ...