PromoxFirewall
Shorewall as the firewall
Installation
apt-get install shorewall6
Configuration
- /etc/network/interfaces:
auto eth0
iface eth0 inet static
address 192.168.2.64
netmask 255.255.255.0
gateway 192.168.2.3
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
auto vmbr0
iface vmbr0 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
- /etc/shorewall/shorewall.conf:
DISABLE_IPV6=No
- New: /etc/shorewall/shorewall.conf
#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
fw      firewall
net     ipv4
dmz     ipv4
- New: /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      blacklist,nosmurfs
dmz     venet0      detect      routeback
dmz     vmbr0       detect      routeback,bridge
- /etc/shorewall/policy
#SOURCE   DEST   POLICY   LOG     LIMIT:   CONNLIMIT:
#                         LEVEL   BURST    MASK

# From Firewall Policy
fw        fw     ACCEPT
fw        net    ACCEPT
fw        dmz    ACCEPT

# From DMZ Policy
dmz       dmz    ACCEPT
dmz       net    ACCEPT
dmz       fw     DROP     info

# From Net Policy
net       fw     DROP     info
net       dmz    DROP     info

# THE FOLLOWING POLICY MUST BE LAST
#
all       all    REJECT   info
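
The policy file above is evaluated top to bottom and the first matching row wins, which is why the catch-all has to come last. The following check is an added example, not part of the original page or of Shorewall: it models that lookup in simplified form for the three zones used here and reports rows that a misplaced "all all" entry would make unreachable. Assumptions: only plain zone names and "all" are handled, intra-zone pairs are skipped, and the function names are hypothetical.

```python
# Added example: simplified model of Shorewall's first-match policy lookup.
# Assumption: only plain zone names and "all" are handled (no "all+", no zone lists).

# Rows copied from the policy file on this page (LIMIT/CONNLIMIT columns are unused).
POLICY_TEXT = """\
#SOURCE DEST POLICY LOG
fw   fw   ACCEPT
fw   net  ACCEPT
fw   dmz  ACCEPT
dmz  dmz  ACCEPT
dmz  net  ACCEPT
dmz  fw   DROP   info
net  fw   DROP   info
net  dmz  DROP   info
all  all  REJECT info
"""

def parse_policy(text):
    """Return the policy rows in file order as (source, dest, policy, log_level)."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 3:
            rows.append((fields[0], fields[1], fields[2],
                         fields[3] if len(fields) > 3 else None))
    return rows

def effective_policy(rows, source, dest):
    """First row whose SOURCE and DEST match the pair ("all" matches any zone)."""
    for src, dst, policy, log in rows:
        if src in (source, "all") and dst in (dest, "all"):
            return policy, log
    return None

def shadowed_rows(rows):
    """Rows placed after an 'all all' row can never be reached."""
    for i, (src, dst, _, _) in enumerate(rows):
        if src == "all" and dst == "all":
            return rows[i + 1:]
    return []

def audit(text, zones=("fw", "net", "dmz")):
    """Effective policy per inter-zone pair, plus any unreachable rows."""
    rows = parse_policy(text)
    table = {(s, d): effective_policy(rows, s, d)
             for s in zones for d in zones if s != d}  # intra-zone not modelled
    return table, shadowed_rows(rows)

if __name__ == "__main__":
    table, shadowed = audit(POLICY_TEXT)
    for (s, d), result in sorted(table.items()):
        print(f"{s:>3} -> {d:<3} {result}")
    print("unreachable rows:", shadowed)
```

`shorewall check` remains the authoritative syntax check before the configuration is applied.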