PromoxFirewall: Difference between revisions
(One intermediate revision by another user not shown)
Line 68:
   # Permit access to Proxmox Manager and Console
-  ACCEPT net fw tcp 443,5900:5999
+  ACCEPT net fw tcp 80,443,5900:5999
   # PING Rules
Line 75:
   # LAST LINE -- DO NOT REMOVE
   </pre>
-  *
+  * New: /etc/shorewall/maskq
+  <pre>#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
+  eth0 10.0.0.0/8
+  # LAST LINE -- DO NOT REMOVE
+  </pre>
   == Test ==
   <pre>shorewall try /etc/shorewall 60
   </pre>
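Review bot: the new masquerading file is created as /etc/shorewall/maskq, but Shorewall reads these entries from a file named masq, so with this name the "eth0 10.0.0.0/8" entry is never loaded and the VM networks behind vmbr0 get no NAT; rename the file to /etc/shorewall/masq. The change at line 68 also adds TCP 80 to the rule that previously opened only 443 and 5900:5999 for the manager and console; 80 is plain HTTP, so if it is meant only for a redirect to HTTPS, say so in the comment, otherwise leave it out.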
Current version as of 16 May 2017, 20:47
shorewall as firewall
Installation
<pre># IPv4 firewall; this package provides the shorewall command and /etc/shorewall
# (shorewall6 is the separate IPv6 variant with /etc/shorewall6)
apt-get install shorewall
</pre>
Configuration
- /etc/network/interfaces:
<pre>auto eth0
iface eth0 inet static
    address 192.168.2.64
    netmask 255.255.255.0
    gateway 192.168.2.3
    # answer ARP for the VM addresses on the external side
    post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

# internal bridge for the VMs, no physical port attached
auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
</pre>
- /etc/shorewall/shorewall.conf:
<pre>DISABLE_IPV6=No
</pre>
- New: /etc/shorewall/zones
<pre>#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
# zone definitions (Shorewall reads them from the zones file)
fw      firewall
net     ipv4
dmz     ipv4
</pre>
- New: /etc/shorewall/interfaces
<pre>#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      blacklist,nosmurfs
dmz     venet0      detect      routeback
dmz     vmbr0       detect      routeback,bridge
</pre>
- /etc/shorewall/policy
<pre>#SOURCE   DEST   POLICY   LOG     LIMIT:   CONNLIMIT:
#                         LEVEL   BURST    MASK
# From Firewall Policy
fw        fw     ACCEPT
fw        net    ACCEPT
fw        dmz    ACCEPT
# From DMZ Policy
dmz       dmz    ACCEPT
dmz       net    ACCEPT
dmz       fw     DROP     info
# From Net Policy
net       fw     DROP     info
net       dmz    DROP     info
# THE FOLLOWING POLICY MUST BE LAST
#
all       all    REJECT   info
</pre>
- New: /etc/shorewall/rules
<pre>#ACTION       SOURCE   DEST   PROTO   DEST       SOURCE    ORIGINAL   RATE
#                                     PORT(S)    PORT(S)   DEST       LIMIT
# Permit access to SSH
SSH/ACCEPT    net      fw     -       -          -         -          6/min:5
# Permit access to Proxmox Manager and Console
ACCEPT        net      fw     tcp     80,443,5900:5999
# PING Rules
Ping/ACCEPT   all      all
# LAST LINE -- DO NOT REMOVE
</pre>
- New: /etc/shorewall/masq
<pre>#INTERFACE   SOURCE       ADDRESS   PROTO   PORT(S)   IPSEC   MARK
# masquerade the 10/8 VM networks behind eth0 (Shorewall reads this file as masq)
eth0         10.0.0.0/8
# LAST LINE -- DO NOT REMOVE
</pre>
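As an added check (example code written for this page, not from the wiki or from Shorewall itself), the following script parses a Shorewall rules file in the format shown above and reports which ports a source zone may reach on a destination zone; the macro-to-port table is an assumption covering only the SSH and Ping macros used here.

```python
# Added example, not part of the wiki page: parse a Shorewall `rules` file and
# list what a source zone may reach on a destination zone. MACRO_PORTS is an
# assumption limited to the two standard macros the page uses (SSH, Ping).
MACRO_PORTS = {"SSH": ("tcp", "22"), "Ping": ("icmp", "echo-request")}

# The rules file from the page, embedded so the script runs offline.
RULES = """\
#ACTION       SOURCE   DEST   PROTO   DEST      SOURCE   ORIGINAL   RATE
# Permit access to SSH
SSH/ACCEPT    net      fw     -       -         -        -          6/min:5
# Permit access to Proxmox Manager and Console
ACCEPT        net      fw     tcp     80,443,5900:5999
# PING Rules
Ping/ACCEPT   all      all
# LAST LINE -- DO NOT REMOVE
"""

def expand_ports(spec):
    """'80,443,5900:5999' -> {80, 443, 5900, ..., 5999}; '-' -> empty set."""
    ports = set()
    for part in spec.split(","):
        if part in ("", "-"):
            continue
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_rules(text):
    """Return (action, source, dest, proto, dest_ports, rate_limit) per rule."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        f = (line.split() + ["-"] * 8)[:8]        # pad missing columns with '-'
        macro, _, action = f[0].rpartition("/")   # 'SSH/ACCEPT' -> macro + action
        proto, dport = MACRO_PORTS.get(macro, (f[3], f[4]))
        rules.append((action, f[1], f[2], proto, dport, f[7]))
    return rules

def exposure(rules, zone="net", target="fw"):
    """Map proto -> ports that `zone` may reach on `target` ('all' matches any zone)."""
    reach = {}
    for action, src, dst, proto, dport, _rate in rules:
        if action != "ACCEPT" or src not in (zone, "all") or dst not in (target, "all"):
            continue
        ports = expand_ports(dport) if proto in ("tcp", "udp") else {dport}
        reach.setdefault(proto, set()).update(ports)
    return reach
```

Calling exposure(parse_rules(RULES)) shows the net zone reaching TCP 22 (rate-limited), 80, 443 and 5900 to 5999 plus ICMP echo on the firewall, which is the surface to re-check whenever the ACCEPT line is extended.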
Test
<pre># load the configuration; if it fails to start or 60 seconds elapse,
# Shorewall restores the previous configuration, so a mistake cannot lock you out for long
shorewall try /etc/shorewall 60
</pre>