Shorewall firewall installation and configuration method under Linux

  

Environment: this machine has only one network card and uses a static IP address to reach the Internet.


Command: apt-get install shorewall

Ubuntu will install it automatically, but Shorewall is not yet configured and does not start.


"1" First, copy the one-interface example files: cp /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall

"2" Modify /etc/shorewall/shorewall.conf: change STARTUP_ENABLED=No to STARTUP_ENABLED=Yes.

"3" Modify /etc/default/shorewall: change startup=0 to startup=1.


"4" Run ifconfig to confirm the name of the network card. The default name is generally eth0. Write down the name of the network card.

"5" Modify /etc/shorewall/interfaces. In the line net eth0 detect dhcp,tcpflags,logmartians,nosmurfs, eth0 is your NIC name. If it is the same, you don't need to modify it.

"6" Modify /etc/shorewall/rules. This file defines the access rules. The default is to allow the local computer to access all external addresses and to prohibit external computers from accessing this machine. For example, if you run the ssh service on port 22 and want to allow others to access it, create a new rule at the line ACCEPT $FW net icmp:

ACCEPT net $FW TCP 22

Here is a brief explanation of the rule. net stands for the computers on the Internet; $FW stands for this machine, that is, the firewall itself. ACCEPT net $FW TCP 22 means: allow the Internet to access port 22 on the local machine (firewall) over the TCP protocol. To prohibit it, use DROP:

DROP net $FW TCP 22

To allow access from a single IP address on the Internet, the rule can be written like this:

ACCEPT net:192.168.1.10 $FW TCP 22

Finally, run shorewall start. Done.
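
The following script is an added example, not part of the original article: it applies steps 2, 3 and 6 to a configuration tree and then audits the result, flagging an ssh rule that is open to the whole net zone. The function names, the ROOT prefix argument and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: apply steps 2, 3 and 6, then audit the result.
# ROOT is a path prefix so the functions can be tried on a copy of the
# configuration; an empty ROOT ("") means the live /etc tree.

set_kv() {  # set_kv FILE KEY VALUE: rewrite an existing KEY=... line
    # Write back with cat so the file keeps its owner and mode.
    sed "s/^$2=.*/$2=$3/" "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

apply_steps() {  # apply_steps ROOT ADMIN_IP
    root=$1; admin_ip=$2
    set_kv "$root/etc/shorewall/shorewall.conf" STARTUP_ENABLED Yes  # step 2
    set_kv "$root/etc/default/shorewall" startup 1                    # step 3
    rule="ACCEPT net:$admin_ip \$FW TCP 22"                           # step 6
    # Append the rule only if it is not already present (safe to re-run).
    grep -qxF "$rule" "$root/etc/shorewall/rules" ||
        printf '%s\n' "$rule" >> "$root/etc/shorewall/rules"
}

audit_steps() {  # audit_steps ROOT: prints findings, returns 1 if any
    root=$1; bad=0
    grep -qx 'STARTUP_ENABLED=Yes' "$root/etc/shorewall/shorewall.conf" ||
        { echo "shorewall.conf: STARTUP_ENABLED is not Yes"; bad=1; }
    grep -qx 'startup=1' "$root/etc/default/shorewall" ||
        { echo "default/shorewall: startup is not 1"; bad=1; }
    # A source of bare "net" (no :address) exposes ssh to every Internet host.
    if grep -Eiq '^ACCEPT[[:space:]]+net[[:space:]]+\$FW[[:space:]]+tcp[[:space:]]+22([[:space:]]|$)' \
            "$root/etc/shorewall/rules"; then
        echo "rules: ssh (tcp/22) is open to the whole net zone"; bad=1
    fi
    return $bad
}

demo() {  # runs on a constructed tree; the file contents below are sample data
    d=$(mktemp -d); mkdir -p "$d/etc/shorewall" "$d/etc/default"
    echo 'STARTUP_ENABLED=No' > "$d/etc/shorewall/shorewall.conf"
    echo 'startup=0' > "$d/etc/default/shorewall"
    echo 'ACCEPT $FW net icmp' > "$d/etc/shorewall/rules"
    apply_steps "$d" 192.168.1.10 && audit_steps "$d" && echo "steps applied, audit clean"
    rm -rf "$d"
}
demo
```

On a real host, call apply_steps "" with your own administration address as root, then run shorewall check before shorewall start so that a configuration error is caught before the rules are loaded.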
