Shorewall QuickStart Guides (HOWTOs)
Tom Eastep
2003-12-08
2001, 2002, 2003 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
With thanks to Richard who reminded me once again that we must all
first walk before we can run.
The French Translations of the single-IP guides are courtesy of
Patrice Vetsel.
The French Translation of the Shorewall Setup Guide is courtesy of
Fabien Demassieux.
The Guides
These guides provide step-by-step instructions for configuring
Shorewall in common firewall setups.
If you have a single public IP address
These guides are designed to get your first firewall up and
running quickly in the three most common Shorewall configurations. If
you want to learn more about Shorewall than is explained in the above
simple guides, the Shorewall Setup Guide (See Index Below) is
for you.
Standalone Linux System (French Version)
Two-interface Linux System acting as a firewall/router for a small local network (French Version)
Three-interface Linux System acting as a firewall/router for a small local network and a DMZ (French Version)
If you have more than one public IP address
The Shorewall Setup Guide
(See Index Below) outlines the steps necessary to set up a firewall
where there are multiple public IP addresses involved or if you want to
learn more about Shorewall than is explained in the single-address
guides above (French Version).
Documentation Index
The following documentation covers a variety of topics and
supplements the QuickStart Guides described
above. Please review the appropriate guide before trying to use this
documentation directly.
If you use one of these guides and have a suggestion for improvement
please let me know.
Accounting
Aliased (virtual) Interfaces (e.g., eth0:0)
Blacklisting
Static Blacklisting using /etc/shorewall/blacklist
Dynamic Blacklisting using /sbin/shorewall
Commands (Description of all /sbin/shorewall commands)
Common configuration file features
Comments in configuration files
Line Continuation
INCLUDE Directive
Port Numbers/Service Names
Port Ranges
Using Shell Variables
Using DNS Names
Complementing an IP address or Subnet
Shorewall Configurations (making a test configuration)
Using MAC Addresses in Shorewall
Configuration File Reference Manual
params
zones
interfaces
hosts
policy
rules
common
masq
proxyarp
nat
tunnels
tcrules
shorewall.conf
modules
tos
blacklist
rfc1918
routestopped
accounting
usersets and users
maclist
actions and action.template
Corporate Network Example
(Contributed by a Graeme Boyle)
DHCP
ECN Disabling by host or subnet
Errata
Extension Scripts (How to extend Shorewall without modifying Shorewall code through the use of files in /etc/shorewall -- /etc/shorewall/start, /etc/shorewall/stopped, etc.)
Fallback/Uninstall
FAQs
Features
Forwarding Traffic on the Same Interface
FTP and Shorewall
Getting help or answers to questions
Greater Seattle Linux Users Group Presentation
HTML
PowerPoint
Installation/Upgrade
IPSEC
Kazaa Filtering
Kernel Configuration
Logging
MAC Verification
Mailing Lists
Multiple Zones Through One Interface
My Shorewall Configuration (How I personally use Shorewall)
Netfilter Overview
One-to-one NAT (Formerly referred to as Static NAT)
OpenVPN
Operating Shorewall
'Ping' Management
Port Information
Which applications use which ports
Ports used by Trojans
PPTP
Proxy ARP
Requirements
Samba
Shorewall Setup Guide
Introduction
Shorewall Concepts
Network Interfaces
Addressing, Subnets and Routing
IP Addresses
Subnets
Routing
Address Resolution Protocol (ARP)
RFC 1918
Setting up your Network
Routed
Non-routed
SNAT
DNAT
Proxy ARP
One-to-one NAT
Rules
Odds and Ends
DNS
Starting and Stopping the Firewall
Starting/stopping the Firewall
Description of all /sbin/shorewall commands
How to safely test a Shorewall configuration change
Squid with Shorewall
Traffic Accounting
Traffic Shaping/QOS
Troubleshooting (Things to try if it doesn't work)
User-defined Actions
UID/GID Based Rules
Upgrade Issues
VPN
IPSEC
GRE and IPIP
OpenVPN
PPTP
6to4
IPSEC/PPTP passthrough from a system behind your firewall to a remote network
Other VPN types
White List Creation