Shorewall Documentation
Tom Eastep
2004-07-20
2001-2004
Thomas M. Eastep
2.0.3
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
"GNU Free Documentation License".
Are you running Shorewall on Mandrake Linux
with a two-interface setup?
If so, and if you configured your system while running a Mandrake
release earlier than 10.0 final, then this documentation will not apply
directly to your environment. If you want to use the documentation that
you find here, you will want to consider uninstalling what you have and
installing a configuration that matches this documentation. See the
Two-interface QuickStart Guide for details.
Introduction to Shorewall
QuickStart Guides (HOWTOS)
The remainder of the Documentation supplements the QuickStart Guides.
Please review the appropriate guide before trying to use this documentation
directly.
2.6 Kernel
Accounting
Aliased (virtual) Interfaces (e.g., eth0:0)
Bandwidth Control
Blacklisting
Static Blacklisting using /etc/shorewall/blacklist
Dynamic Blacklisting using /sbin/shorewall
Bridge/Firewall
Commands
(Description of all /sbin/shorewall commands)
Common configuration file features
Comments in configuration files
Line Continuation
INCLUDE Directive
Port Numbers/Service Names
Port Ranges
Using Shell Variables
Using DNS Names
Complementing an IP address or Subnet
Shorewall Configurations (making a test configuration)
Using MAC Addresses in Shorewall
Configuration File Reference Manual
params
zones
interfaces
hosts
policy
rules
masq
proxyarp
nat
tunnels
tcrules
shorewall.conf
modules
tos
blacklist
rfc1918
routestopped
accounting
usersets and users
maclist
actions and action.template
bogons
netmap
Corporate Network Example
(Contributed by Graeme Boyle)
DHCP
ECN Disabling by host or subnet
Errata
Extension Scripts
(How to extend Shorewall without modifying Shorewall code through the
use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)
Fallback/Uninstall
FAQs
Features
Forwarding Traffic on the Same Interface
FTP and Shorewall
Getting help or answers to questions
Installation/Upgrade
IPSEC
Kazaa Filtering
Kernel Configuration
Logging
MAC Verification
Multiple Zones Through One Interface
My Shorewall Configuration (How I personally use Shorewall)
Netfilter Overview
Network Mapping
One-to-one NAT (Static NAT)
OpenVPN
Operating Shorewall
Packet Processing in a Shorewall-based Firewall
'Ping' Management
Port Information
Which applications use which ports
Ports used by Trojans
PPTP
Proxy ARP
Release Model
Requirements
Routing on One Interface
Samba
Shorewall Setup Guide
Introduction
Shorewall Concepts
Network Interfaces
Addressing, Subnets and Routing
IP Addresses
Subnets
Routing
Address Resolution Protocol (ARP)
RFC 1918
Setting up your Network
Routed
Non-routed
SNAT
DNAT
Proxy ARP
One-to-one NAT
Rules
Odds and Ends
DNS
Starting and Stopping the Firewall
SMB
Starting/stopping the Firewall
Description of all /sbin/shorewall commands
How to safely test a Shorewall configuration change
Squid with Shorewall
Static (one-to-one) NAT
Traffic Accounting
Traffic Shaping/QOS
Troubleshooting (Things to try if it doesn't work)
User-defined Actions
UID/GID Based Rules
Upgrade Issues
VPN
IPSEC
GRE and IPIP
OpenVPN
PPTP
6to4
IPSEC/PPTP passthrough from a system behind your firewall to a remote network
Other VPN types
White List Creation