PromoxFirewall

From Info-Theke
Revision as of 16 May 2017, 07:39 by Hamatoma

shorewall as a firewall

Original article: http://myatus.com/p/guide-firewall-and-router-with-proxmox/

Installation

apt-get install shorewall6

Configuration

  • /etc/network/interfaces:
auto eth0
iface eth0 inet static
        address 192.168.2.64
        netmask 255.255.255.0
        gateway 192.168.2.3
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

  • /etc/shorewall/shorewall.conf:

DISABLE_IPV6=No

  • New: /etc/shorewall/zones:
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
dmz     ipv4
  • New: /etc/shorewall/interfaces:
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          blacklist,nosmurfs
dmz     venet0          detect          routeback
dmz     vmbr0           detect          routeback,bridge
  • /etc/shorewall/policy:
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK

# From Firewall Policy
fw      fw      ACCEPT
fw      net     ACCEPT
fw      dmz     ACCEPT

# From DMZ Policy

dmz     dmz     ACCEPT
dmz     net     ACCEPT
dmz     fw      DROP            info

# From Net Policy
net     fw      DROP            info
net     dmz     DROP            info 

# THE FOLLOWING POLICY MUST BE LAST
#
all     all     REJECT          info
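
The policy file above is evaluated top to bottom and the first matching line wins, which is why the catch-all has to come last. The following check is an added example, not part of the original page or of shorewall: it resolves the effective policy for each zone pair and lists entries that an earlier line makes unreachable. It assumes the matching rules described in shorewall-policy(5) (`all` matches any zone; traffic within a zone is ACCEPT unless an explicit entry overrides it); the function names are hypothetical.

```python
# Added example: first-match evaluation of the policy entries shown above.
# POLICY repeats the page's entries without comment lines.
POLICY = """\
fw      fw      ACCEPT
fw      net     ACCEPT
fw      dmz     ACCEPT
dmz     dmz     ACCEPT
dmz     net     ACCEPT
dmz     fw      DROP            info
net     fw      DROP            info
net     dmz     DROP            info
all     all     REJECT          info
"""
ZONES = ["fw", "net", "dmz"]  # zone names from the zones file above

def parse(text):
    """Return (source, dest, policy, log_level) tuples, skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2],
                            fields[3] if len(fields) > 3 else "-"))
    return entries

def effective(entries, src, dst):
    """First matching entry wins; 'all' matches any zone."""
    for s, d, policy, log in entries:
        explicit = (s, d) == (src, dst)
        # Assumption from shorewall-policy(5): a wildcard entry does not
        # override the built-in intra-zone ACCEPT, only an explicit one does.
        wildcard = src != dst and s in (src, "all") and d in (dst, "all")
        if explicit or wildcard:
            return policy, log
    return ("ACCEPT", "-") if src == dst else (None, None)

def unreachable(entries):
    """Entries that can never match because an earlier entry covers them."""
    dead = []
    for i, (s, d, *_) in enumerate(entries):
        if any((ps, pd) == (s, d) or
               (s != d and ps in (s, "all") and pd in (d, "all"))
               for ps, pd, *_ in entries[:i]):
            dead.append((s, d))
    return dead

def matrix(entries):
    """Effective (policy, log_level) for every ordered zone pair."""
    return {(s, d): effective(entries, s, d) for s in ZONES for d in ZONES}
```

With the catch-all moved to the first line, every inter-zone pair resolves to REJECT and the six inter-zone entries show up as unreachable.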