PromoxFirewall
Version vom 16. Mai 2017, 07:39 Uhr von Hamatoma (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „= shorewall als Firewall = [http://myatus.com/p/guide-firewall-and-router-with-proxmox/ Orginalartikel] == Installation == <pre>apt-get install shorewall6 </pr…“)
shorewall als Firewall
Installation
apt-get install shorewall6
Konfiguration
- /etc/network/interfaces:
auto eth0
iface eth0 inet static
address 192.168.2.64
netmask 255.255.255.0
gateway 192.168.2.3
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
auto vmbr0
iface vmbr0 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
- /etc/shorewall/shorewall.conf:
DISABLE_IPV6=No
- Neu: /etc/shorewall/shorewall.conf
#ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall net ipv4 dmz ipv4
- Neu: /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS net eth0 detect blacklist,nosmurfs dmz venet0 detect routeback dmz vmbr0 detect routeback,bridge
- /etc/shorewall/policy
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK # From Firewall Policy fw fw ACCEPT fw net ACCEPT fw dmz ACCEPT # From DMZ Policy dmz dmz ACCEPT dmz net ACCEPT dmz fw DROP info # From Net Policy net fw DROP info net dmz DROP info # THE FOLLOWING POLICY MUST BE LAST # all all REJECT info