SECURITY Howto setup shorewall
From Gentoo Linux Wiki
Shorewall Installation
Two tools are required by the shorewall port: iproute and iptables. Before installing them, make sure the kernel has built-in iptables support (otherwise nothing will work). iptables requires the kernel option "Network packet filtering (replaces ipchains)" (a.k.a. NETFILTER), which you can find under:
Linux Kernel Configuration: Networking
Networking --> Networking options --> [*] Network packet filtering (replaces ipchains)
Now recompile the kernel if necessary, reboot the system and run:
$ emerge net-firewall/shorewall
Next we will write some config files. Adapt the values to your own network.
File: /etc/shorewall/shorewall.conf
STARTUP_ENABLED=Yes

File: /etc/shorewall/interfaces
net eth0 192.168.1.255 tcpflags,nosmurfs

File: /etc/shorewall/policy
uncomment the lines that begin with fw, net and all

File: /etc/shorewall/zones
uncomment the line: net ipv4
Now you have a desktop firewall that allows all outbound traffic and blocks all inbound. Let's start the firewall:
$ shorewall start
Troubleshooting (2 interface setup)
shorewall -vv restart
gives debugging information if the firewall doesn't start.
shorewall show and shorewall dump
show the state of a running firewall.
- DNS doesn't work
You need to allow your firewall to connect to the local network:
File: /etc/shorewall/policy
$FW net ACCEPT
$FW loc ACCEPT
$FW all REJECT
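Shorewall applies the first policy line whose source and destination match, with "all" matching any zone, so the order of the three lines above decides whether the firewall may reach the local network at all. The following is an added shell example, not code from the wiki page or the shorewall project: it re-implements that first-match lookup over constructed policy files and shows the firewall-to-loc verdict before the fix, after it, and when the REJECT line is placed too early.

```sh
# Added example (not from the wiki or from shorewall itself): a minimal copy of
# shorewall's first-match policy lookup, to show why line order in
# /etc/shorewall/policy matters. All policy texts below are constructed.

# Constructed: one-interface policy before the DNS fix (no $FW -> loc line).
POLICY_DEFAULT='# SOURCE  DEST  POLICY  LOGLEVEL
$FW       net   ACCEPT
net       all   DROP    info
all       all   REJECT  info
'
# Constructed: the page's fix ($FW may reach loc), net/all lines kept.
POLICY_FIXED='$FW  net  ACCEPT
$FW  loc  ACCEPT
$FW  all  REJECT
net  all  DROP    info
all  all  REJECT  info
'
# Constructed: same lines, but "$FW all REJECT" placed before "$FW loc ACCEPT".
POLICY_WRONG_ORDER='$FW  net  ACCEPT
$FW  all  REJECT
$FW  loc  ACCEPT
net  all  DROP    info
all  all  REJECT  info
'

# shorewall_policy SRC DST POLICY_TEXT
# Prints the policy applied to traffic from zone SRC to zone DST: the first line
# whose SOURCE and DEST columns match wins, "all" matches any zone, and "$FW"
# is the firewall itself. Prints NOMATCH when no line applies.
shorewall_policy() {
  printf '%s\n' "$3" | {
    while read -r s d p rest; do
      case $s in ''|\#*) continue ;; esac   # skip blank and comment lines
      if { [ "$s" = "$1" ] || [ "$s" = all ]; } &&
         { [ "$d" = "$2" ] || [ "$d" = all ]; }; then
        printf '%s\n' "$p"
        exit 0                              # leaves only the pipeline subshell
      fi
    done
    printf 'NOMATCH\n'
  }
}

# Firewall -> local network (where a LAN DNS resolver would sit):
# REJECT before the fix, ACCEPT after it, REJECT again when the lines are misordered.
fw_to_loc_before()     { shorewall_policy '$FW' loc "$POLICY_DEFAULT"; }
fw_to_loc_after()      { shorewall_policy '$FW' loc "$POLICY_FIXED"; }
fw_to_loc_misordered() { shorewall_policy '$FW' loc "$POLICY_WRONG_ORDER"; }
echo "before: $(fw_to_loc_before)  after: $(fw_to_loc_after)  misordered: $(fw_to_loc_misordered)"
```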
