PromoxFirewall: Difference between revisions

From Info-Theke
Line 68: Line 68:


# Permit access to Proxmox Manager and Console
# Permit access to Proxmox Manager and Console
ACCEPT          net        fw        tcp    443,5900:5999
ACCEPT          net        fw        tcp    80,443,5900:5999


# PING Rules
# PING Rules
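Review bot: the changed ACCEPT line now opens port 80 in addition to 443 and 5900:5999 from net into fw, but it still leaves the RATE column empty, while the SSH rule elsewhere on this page limits new connections with `6/min:5`. If the rule is only meant to reach the Proxmox Manager and Console over HTTPS and VNC, check whether plain HTTP on 80 is needed at all; if it is, consider giving this line a rate limit in the last column like the SSH rule has.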
Line 75: Line 75:
# LAST LINE -- DO NOT REMOVE
# LAST LINE -- DO NOT REMOVE
</pre>
</pre>
* If the SSH/ACCEPT macro is not to be used, the equivalent is:
** ACCEPT      net        fw        tcp      22            -          -          6/min:5


== Test ==
== Test ==
<pre>shorewall try /etc/shorewall 60
<pre>shorewall try /etc/shorewall 60
</pre>
</pre>
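Review bot: the equivalent rule is added as a wiki bullet after the closing `</pre>`, so anyone copying the rules block verbatim will not pick it up. Its column layout does match the SSH/ACCEPT line (PROTO tcp, DEST PORT 22, RATE `6/min:5`), but the note should say explicitly that this line replaces the `SSH/ACCEPT net fw - - - - 6/min:5` entry rather than being added next to it, and that it still has to sit above the `# LAST LINE -- DO NOT REMOVE` marker.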

Revision as of 16 May 2017, 19:07

shorewall as firewall

Original article

Installation

apt-get install shorewall6

Configuration

  • /etc/network/interfaces:
auto eth0
iface eth0 inet static
        address 192.168.2.64
        netmask 255.255.255.0
        gateway 192.168.2.3
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

  • /etc/shorewall/shorewall.conf:

DISABLE_IPV6=No

  • New: /etc/shorewall/zones
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
dmz     ipv4
  • New: /etc/shorewall/interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          blacklist,nosmurfs
dmz     venet0          detect          routeback
dmz     vmbr0           detect          routeback,bridge
  • /etc/shorewall/policy
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK

# From Firewall Policy
fw      fw      ACCEPT
fw      net     ACCEPT
fw      dmz     ACCEPT

# From DMZ Policy

dmz     dmz     ACCEPT
dmz     net     ACCEPT
dmz     fw      DROP            info

# From Net Policy
net     fw      DROP            info
net     dmz     DROP            info 

# THE FOLLOWING POLICY MUST BE LAST
#
all     all     REJECT          info
  • New: /etc/shorewall/rules
#ACTION          SOURCE     DEST       PROTO   DEST        SOURCE     ORIGINAL    RATE

# Permit access to SSH
SSH/ACCEPT       net        fw         -       -            -          -          6/min:5

# Permit access to Proxmox Manager and Console
ACCEPT           net        fw         tcp     80,443,5900:5999

# PING Rules
Ping/ACCEPT      all        all

# LAST LINE -- DO NOT REMOVE

Test

shorewall try /etc/shorewall 60
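The policy and rules files above follow a fixed column layout, and `shorewall try` with its 60 second auto-revert is the safety net for getting that layout wrong. The following script is an added example, not part of this wiki page and not code from the Shorewall project: it runs three pre-flight checks a practitioner would want before the `try` step, namely that the catch-all `all all REJECT` policy really is the last entry, that the rules file still ends with the `LAST LINE` marker, and which ACCEPT rules from net into fw carry no RATE entry. The two samples embedded in it are constructed copies of the policy and rules shown on this page; the function names are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight audit of a Shorewall policy and rules file.
# Not from the wiki page or the Shorewall project; the samples below are
# constructed copies of the configuration shown above.

SAMPLE_POLICY=$(cat <<'EOF'
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
fw      fw      ACCEPT
fw      net     ACCEPT
fw      dmz     ACCEPT
dmz     dmz     ACCEPT
dmz     net     ACCEPT
dmz     fw      DROP            info
net     fw      DROP            info
net     dmz     DROP            info
# THE FOLLOWING POLICY MUST BE LAST
all     all     REJECT          info
EOF
)

SAMPLE_RULES=$(cat <<'EOF'
#ACTION          SOURCE     DEST       PROTO   DEST        SOURCE     ORIGINAL    RATE
SSH/ACCEPT       net        fw         -       -            -          -          6/min:5
ACCEPT           net        fw         tcp     80,443,5900:5999
Ping/ACCEPT      all        all
# LAST LINE -- DO NOT REMOVE
EOF
)

# Drop comment and blank lines so the checks only see real entries.
strip_comments() {
  awk '/^[[:space:]]*#/ || /^[[:space:]]*$/ { next } { print }'
}

# Succeeds only if the final policy entry is the catch-all "all all REJECT".
catchall_policy_last() {
  last=$(printf '%s\n' "$1" | strip_comments | tail -n 1 | awk '{ print $1, $2, $3 }')
  [ "$last" = "all all REJECT" ]
}

# Prints ACTION, PROTO and DEST PORT of every ACCEPT rule from net into fw
# whose RATE column (field 8) is empty or "-".
unlimited_net_to_fw() {
  printf '%s\n' "$1" | strip_comments | awk '
    $1 ~ /ACCEPT/ && $2 == "net" && $3 == "fw" && ($8 == "" || $8 == "-") {
      print $1, $4, $5
    }'
}

# Succeeds only if the rules text still ends with the LAST LINE marker;
# losing it is an easy copy-and-paste mistake.
has_last_line_marker() {
  printf '%s\n' "$1" | tail -n 1 | grep -q '^# LAST LINE'
}

# Run all three checks and report findings; run this before "shorewall try".
audit() {
  catchall_policy_last "$SAMPLE_POLICY" || echo "policy: catch-all REJECT is not the last entry"
  has_last_line_marker "$SAMPLE_RULES" || echo "rules: LAST LINE marker is missing"
  unlimited_net_to_fw "$SAMPLE_RULES" | while read -r action proto ports; do
    echo "rules: $action $proto $ports from net to fw has no RATE limit"
  done
}

audit
```

Run against the page's own configuration, the audit reports only the web rule (`ACCEPT tcp 80,443,5900:5999`) as lacking a rate limit; the policy and the marker check pass. To audit the live files, replace the two samples with `$(cat /etc/shorewall/policy)` and `$(cat /etc/shorewall/rules)` and run the script before `shorewall try /etc/shorewall 60`.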