Getting Started with Shorewall
Tom Eastep
2006, 2007 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation License.
Please read this short article first.
Introduction to Shorewall
Next, read the QuickStart Guide that is appropriate for your
configuration:
If you have only one public IP address:
Standalone Linux System with a single network interface (Version Française) (Russian Version) Version en Español
Two-interface Linux System acting as a firewall/router for a small local network (Version Française) (Russian Version)
Three-interface Linux System acting as a firewall/router for a small local network and a DMZ. (Version Française) (Russian Version)
If you have more than one public IP address:
The Shorewall Setup Guide (Version Française) outlines the steps
necessary to set up a firewall where there are multiple public IP
addresses involved or if you want to learn more about Shorewall than is
explained in the single-address guides above.
The following articles are also recommended reading for
newcomers.
Configuration File Basics
Man Pages
Using MAC Addresses in Shorewall
Comments in configuration files
Using Shell Variables
Attach Comment to Netfilter Rules
Using DNS Names
Line Continuation
Complementing an IP address or Subnet
INCLUDE Directive
IP Address Ranges
Port Numbers/Service Names
Shorewall Configurations (making a test configuration)
Port Ranges
Operating Shorewall and Shorewall Lite contains a lot of useful operational hints.
PPPPPPPS (or, Paul's Principles for Practical Provision of Packet Processing with Shorewall) http://linuxman.wikispaces.com/PPPPPPS