PromoxFirewall: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „= shorewall als Firewall = [http://myatus.com/p/guide-firewall-and-router-with-proxmox/ Orginalartikel] == Installation == <pre>apt-get install shorewall6 </pr…“) |
|||
(2 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
Zeile 60: | Zeile 60: | ||
# | # | ||
all all REJECT info | all all REJECT info | ||
</pre> | |||
* Neu: /etc/shorewall/rules | |||
<pre>#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE | |||
# Permit access to SSH | |||
SSH/ACCEPT net fw - - - - 6/min:5 | |||
# Permit access to Proxmox Manager and Console | |||
ACCEPT net fw tcp 80,443,5900:5999 | |||
# PING Rules | |||
Ping/ACCEPT all all | |||
# LAST LINE -- DO NOT REMOVE | |||
</pre> | |||
* Neu: /etc/shorewall/maskq | |||
<pre>#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK | |||
eth0 10.0.0.0/8 | |||
# LAST LINE -- DO NOT REMOVE | |||
</pre> | |||
== Test == | |||
<pre>shorewall try /etc/shorewall 60 | |||
</pre> | </pre> |
Aktuelle Version vom 16. Mai 2017, 20:47 Uhr
shorewall als Firewall[Bearbeiten]
Installation[Bearbeiten]
apt-get install shorewall6
Konfiguration[Bearbeiten]
- /etc/network/interfaces:
auto eth0 iface eth0 inet static address 192.168.2.64 netmask 255.255.255.0 gateway 192.168.2.3 post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp auto vmbr0 iface vmbr0 inet static address 10.10.10.1 netmask 255.255.255.0 bridge_ports none bridge_stp off bridge_fd 0
- /etc/shorewall/shorewall.conf:
DISABLE_IPV6=No
- Neu: /etc/shorewall/shorewall.conf
#ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall net ipv4 dmz ipv4
- Neu: /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS net eth0 detect blacklist,nosmurfs dmz venet0 detect routeback dmz vmbr0 detect routeback,bridge
- /etc/shorewall/policy
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK # From Firewall Policy fw fw ACCEPT fw net ACCEPT fw dmz ACCEPT # From DMZ Policy dmz dmz ACCEPT dmz net ACCEPT dmz fw DROP info # From Net Policy net fw DROP info net dmz DROP info # THE FOLLOWING POLICY MUST BE LAST # all all REJECT info
- Neu: /etc/shorewall/rules
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE # Permit access to SSH SSH/ACCEPT net fw - - - - 6/min:5 # Permit access to Proxmox Manager and Console ACCEPT net fw tcp 80,443,5900:5999 # PING Rules Ping/ACCEPT all all # LAST LINE -- DO NOT REMOVE
- Neu: /etc/shorewall/maskq
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK eth0 10.0.0.0/8 # LAST LINE -- DO NOT REMOVE
Test[Bearbeiten]
shorewall try /etc/shorewall 60