Getting Started with Shorewall

Tom Eastep

Copyright 2006, 2007, 2010, 2011 Thomas M. Eastep

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
Please read this short article first: Introduction to Shorewall.
Now, install Shorewall.
Next, read the QuickStart Guide that is appropriate for your configuration:

If you just want to protect a system (requires Shorewall 4.4.12-Beta3 or later):

  - Universal configuration: requires no configuration to protect a single system.

If you have only one public IP address:

  - Standalone Linux System with a single network interface (if you are running Shorewall 4.4.12 Beta 3 or later, use the Universal configuration instead).
  - Two-interface Linux System acting as a firewall/router for a small local network.
  - Three-interface Linux System acting as a firewall/router for a small local network and a DMZ.

If you have more than one public IP address:

  - The Shorewall Setup Guide outlines the steps necessary to set up a firewall where multiple public IP addresses are involved, or if you want to learn more about Shorewall than is explained in the single-address guides above.
The following articles are also recommended reading for newcomers:

  - Configuration File Basics
  - Man Pages
  - Using MAC Addresses in Shorewall
  - Comments in configuration files
  - Using Shell Variables
  - Attach Comment to Netfilter Rules
  - Using DNS Names
  - Line Continuation
  - Complementing an IP address or Subnet
  - INCLUDE Directive
  - IP Address Ranges
  - Port Numbers/Service Names
  - Shorewall Configurations (making a test configuration)
  - Port Ranges

Operating Shorewall and Shorewall Lite contains a lot of useful operational hints.
PPPPPPS (or, Paul's Principles for Practical Provision of Packet Processing with Shorewall): http://linuxman.wikispaces.com/PPPPPPS