<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> <article> <!--$Id$--> <articleinfo> <title>Getting Started with Shorewall</title> <authorgroup> <author> <firstname>Tom</firstname> <surname>Eastep</surname> </author> </authorgroup> <pubdate><?dbtimestamp format="Y/m/d"?></pubdate> <copyright> <year>2006</year> <year>2007</year> <year>2010</year> <year>2011</year> <holder>Thomas M. Eastep</holder> </copyright> <legalnotice> <para>Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para> </legalnotice> </articleinfo> <caution> <para><emphasis role="bold">Do not attempt to install Shorewall on a remote system. You are virtually assured to lock yourself out.</emphasis></para> </caution> <para>Please read this short article first.</para> <itemizedlist> <listitem> <para><ulink url="Introduction.html">Introduction to Shorewall</ulink></para> </listitem> </itemizedlist> <para>Now, <ulink url="Install.htm">install Shorewall</ulink>.</para> <para>Next, read the QuickStart Guide that is appropriate for your configuration:</para> <para><emphasis role="bold">If you just want to protect a system: (Requires Shorewall 4.4.12-Beta3 or later)</emphasis></para> <itemizedlist> <listitem> <para><ulink url="Universal.html">Universal</ulink> configuration -- requires no configuration to protect a single system.</para> </listitem> </itemizedlist> <para><emphasis role="bold">If you have only one public IP address:</emphasis></para> <itemizedlist> <listitem> <para><ulink url="standalone.htm">Standalone</ulink> Linux System with a single network interface (if you are running Shorewall 4.4.12 Beta 3 or later, use the <ulink url="Universal.html">Universal</ulink> configuration instead).</para> </listitem> <listitem> <para><ulink url="two-interface.htm">Two-interface</ulink> Linux System acting as a firewall/router for a small local network</para> </listitem> <listitem> <para><ulink url="three-interface.htm">Three-interface</ulink> Linux System acting as a firewall/router for a small local network and a DMZ.</para> </listitem> </itemizedlist> <para><emphasis role="bold">If you have more than one public IP address:</emphasis></para> <itemizedlist> <listitem> <para>The <ulink url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink> outlines the steps necessary to set up a firewall where there are multiple public IP addresses involved or if you want to learn more about Shorewall than is explained in the single-address guides above.</para> </listitem> </itemizedlist> <para>The following articles are also recommended reading for newcomers.</para> <itemizedlist> <listitem> <para><ulink url="configuration_file_basics.htm">Configuration File Basics</ulink><blockquote> <para><informaltable frame="none"> <tgroup cols="2"> <tbody valign="middle"> <row> <entry><ulink url="configuration_file_basics.htm#Manpages">Man Pages</ulink></entry> <entry><ulink url="configuration_file_basics.htm#MAC">Using MAC Addresses in Shorewall</ulink></entry> </row> <row> <entry><ulink url="configuration_file_basics.htm#Comments">Comments in configuration files</ulink></entry> <entry><ulink url="configuration_file_basics.htm#Variables">Using Shell Variables</ulink></entry> </row> <row> <entry><ulink url="configuration_file_basics.htm#COMMENT">Attach Comment to Netfilter Rules</ulink></entry> <entry><ulink url="configuration_file_basics.htm#dnsnames">Using DNS Names</ulink></entry> </row> <row> <entry><ulink url="configuration_file_basics.htm#Continuation">Line Continuation</ulink></entry> <entry><ulink url="configuration_file_basics.htm#Compliment">Complementing an IP address or Subnet</ulink></entry> </row> <row> <entry><ulink url="configuration_file_basics.htm#INCLUDE">INCLUDE Directive</ulink></entry> <entry><ulink url="configuration_file_basics.htm#IPRanges">IP Address Ranges</ulink></entry> </row> <row> <entry><ulink url="configuration_file_basics.htm#Ports">Port Numbers/Service Names</ulink></entry> <entry><ulink url="configuration_file_basics.htm#Levels">Shorewall Configurations (making a test configuration)</ulink></entry> </row> <row> <entry><ulink url="configuration_file_basics.htm#Ranges">Port Ranges</ulink></entry> <entry></entry> </row> </tbody> </tgroup> </informaltable></para> </blockquote></para> </listitem> <listitem> <para><ulink url="starting_and_stopping_shorewall.htm">Operating Shorewall and Shorewall Lite</ulink> contains a lot of useful operational hints.</para> </listitem> <listitem> <para>PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet Processing with Shorewall ) <ulink url="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</ulink></para> </listitem> </itemizedlist> </article>