shorewall_code/docs/GettingStarted.xml

216 lines
7.0 KiB
XML
Raw Normal View History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<article>
<!--$Id$-->
<articleinfo>
<title>Getting Started with Shorewall</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2006</year>
<year>2007</year>
<year>2010</year>
2011-02-04 15:44:02 +01:00
<year>2011</year>
<year>2016</year>
<holder>Thomas M. Eastep</holder>
</copyright>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<caution>
<para><emphasis role="bold">Do not attempt to install Shorewall on a
remote system. You are virtually assured to lock yourself
out.</emphasis></para>
</caution>
2011-02-04 15:45:53 +01:00
<para>Please read this short article first.</para>
<itemizedlist>
<listitem>
<para><ulink url="Introduction.html">Introduction to
Shorewall</ulink></para>
</listitem>
</itemizedlist>
2010-08-01 03:43:54 +02:00
<para>Now, <ulink url="Install.htm">install Shorewall</ulink>.</para>
<para>Next, read the QuickStart Guide that is appropriate for your
configuration:</para>
<para><emphasis role="bold">If you just want to protect a system: (Requires
Shorewall 4.4.12-Beta3 or later)</emphasis></para>
<itemizedlist>
<listitem>
<para><ulink url="Universal.html">Universal</ulink> configuration --
requires no configuration to protect a single system.</para>
<caution>
<para>This configuration places all interfaces in the net zone. If you
add another interface or VPN, you will want to select a different
QuickStart Guide.</para>
</caution>
</listitem>
</itemizedlist>
<para><emphasis role="bold">If you have only one public IP
address:</emphasis></para>
<itemizedlist>
<listitem>
<para><ulink url="standalone.htm">Standalone</ulink> Linux System with a
2010-08-01 03:43:54 +02:00
single network interface (if you are running Shorewall 4.4.12 Beta 3 or
later, use the <ulink url="Universal.html">Universal</ulink>
configuration instead).</para>
</listitem>
<listitem>
<para><ulink url="two-interface.htm">Two-interface</ulink> Linux System
acting as a firewall/router for a small local network. For
Redhat-specific install/configure information, see <ulink url="???">this
article </ulink>contributed by Digimer.</para>
</listitem>
<listitem>
<para><ulink url="three-interface.htm">Three-interface</ulink> Linux
System acting as a firewall/router for a small local network and a
DMZ.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">If you have more than one public IP
address:</emphasis></para>
<itemizedlist>
<listitem>
<para>The <ulink url="shorewall_setup_guide.htm">Shorewall Setup
Guide</ulink> outlines the steps necessary to set up a firewall where
there are multiple public IP addresses involved or if you want to learn
more about Shorewall than is explained in the single-address guides
above.</para>
</listitem>
</itemizedlist>
<para>The following articles are also recommended reading for
newcomers.</para>
<itemizedlist>
<listitem>
<para><ulink url="configuration_file_basics.htm">Configuration File
Basics</ulink><blockquote>
<para><informaltable frame="none">
<tgroup cols="2">
<tbody valign="middle">
<row>
<entry><ulink
url="configuration_file_basics.htm#Manpages">Man
Pages</ulink></entry>
<entry><ulink
url="configuration_file_basics.htm#MAC">Using MAC
Addresses in Shorewall</ulink></entry>
</row>
<row>
<entry><ulink
url="configuration_file_basics.htm#Comments">Comments in
configuration files</ulink></entry>
<entry><ulink
url="configuration_file_basics.htm#Variables">Using Shell
Variables</ulink></entry>
</row>
<row>
<entry><ulink
url="configuration_file_basics.htm#COMMENT">Attach Comment
to Netfilter Rules</ulink></entry>
<entry><ulink
url="configuration_file_basics.htm#dnsnames">Using DNS
Names</ulink></entry>
</row>
<row>
<entry><ulink
url="configuration_file_basics.htm#Continuation">Line
Continuation</ulink></entry>
<entry><ulink
url="configuration_file_basics.htm#Compliment">Complementing
an IP address or Subnet</ulink></entry>
</row>
<row>
<entry><ulink
url="configuration_file_basics.htm#INCLUDE">INCLUDE
Directive</ulink></entry>
<entry><ulink
url="configuration_file_basics.htm#IPRanges">IP Address
Ranges</ulink></entry>
</row>
<row>
<entry><ulink
url="configuration_file_basics.htm#Ports">Port
Numbers/Service Names</ulink></entry>
<entry><ulink
url="configuration_file_basics.htm#Levels">Shorewall
Configurations (making a test
configuration)</ulink></entry>
</row>
<row>
<entry><ulink
url="configuration_file_basics.htm#Ranges">Port
Ranges</ulink></entry>
<entry/>
</row>
</tbody>
</tgroup>
</informaltable></para>
</blockquote></para>
</listitem>
2009-04-21 00:35:19 +02:00
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Operating
Shorewall and Shorewall Lite</ulink> contains a lot of useful
operational hints.</para>
</listitem>
<listitem>
<para>PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet
Processing with Shorewall ) <ulink
url="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</ulink></para>
</listitem>
</itemizedlist>
</article>