Installation and configuration of shorewall firewall under Linux


Environment: this machine has only one network card and reaches the Internet over a static IP address.


Command: apt-get install shorewall. Ubuntu installs the package for you, but Shorewall is neither configured nor started at that point.


【1】 First, copy the one-interface example configuration into place: cp /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall


【2】 Edit /etc/shorewall/shorewall.conf and change STARTUP_ENABLED=No to STARTUP_ENABLED=Yes


【3】 Edit /etc/default/shorewall and change startup=0 to startup=1


【4】 Run ifconfig to confirm the name of the network card (eth0 by default) and write the name down


【5】 Edit /etc/shorewall/interfaces: in the line "net eth0 detect dhcp,tcpflags,logmartians,nosmurfs", change eth0 to the name of your network card. If it is already the same, no change is needed.


【6】 Edit /etc/shorewall/rules, the file in which the access rules are defined. By default the local computer may access every external address, and external computers are prohibited from accessing this computer. For example, if you run an SSH service on port 22 and want others to be able to reach it, add a new rule below the line ACCEPT $FW net icmp:


ACCEPT net $FW tcp 22


A brief explanation of the rules: net stands for computers on the Internet, and $FW stands for the local computer, that is, the firewall itself. ACCEPT net $FW tcp 22 therefore means that the Internet is allowed to access port 22 of the local computer (the firewall) over the TCP protocol. To prohibit it instead, the action is DROP:


DROP net $FW tcp 22


If only one particular IP address on the Internet is to be allowed, write that address after "net:" in the source column, so the rule takes this form:


ACCEPT net: $FW tcp 22


Finally, start the firewall: shorewall start
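The following script is an added example, not code from the page's author or from the Shorewall project. It turns steps 2 to 6 above into shell functions. Every file path is passed in as a parameter, so the same functions can be rehearsed on copies in a scratch directory before they touch /etc/shorewall; the file layout (shorewall.conf, /etc/default/shorewall, interfaces, rules) is the one the guide assumes for the stock Ubuntu package. The interface name enp0s3 and the address 198.51.100.7 in the comments are constructed sample values, and check_rule is a hypothetical pre-check that only inspects the column shape of a rule; shorewall check remains the authoritative validation.

```shell
#!/bin/sh
# Added example (not the page author's code): steps 2 to 6 of the guide as
# shell functions. Every file path is a parameter so the functions can be
# rehearsed against copies in a scratch directory before they touch
# /etc/shorewall. Assumed layout: shorewall.conf, /etc/default/shorewall,
# interfaces and rules, as shipped by the stock Ubuntu package.
set -eu

# Replace every line matching a BRE with new text. Goes through a temp file
# instead of the GNU-only "sed -i" so it also works with other sed versions.
replace_line() {
    file="$1"; pattern="$2"; newline="$3"
    tmp="$file.tmp.$$"
    sed "s|$pattern|$newline|" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"     # keeps the original file's owner and mode
    rm -f "$tmp"
}

# Steps 2 and 3: STARTUP_ENABLED=Yes in shorewall.conf and startup=1 in the
# /etc/default/shorewall file. Without both, "shorewall start" refuses to run.
enable_startup() {
    replace_line "$1" '^STARTUP_ENABLED=.*' 'STARTUP_ENABLED=Yes'
    replace_line "$2" '^startup=.*' 'startup=1'
}

# Step 5: put the real interface name into the second column of the "net"
# line of the interfaces file (whatever name the example shipped there).
set_interface() {
    interfaces="$1"; ifname="$2"
    case "$ifname" in
        ''|*[!A-Za-z0-9_.-]*) echo "set_interface: bad interface name '$ifname'" >&2; return 1 ;;
    esac
    replace_line "$interfaces" \
        '^\(net[[:space:]]\{1,\}\)[^[:space:]]\{1,\}\([[:space:]]\)' \
        '\1'"$ifname"'\2'
}

# Step 6 helper (hypothetical pre-check): verify the shape of a rule before
# writing it. Columns are ACTION SOURCE DEST PROTO [DPORT]; the source may be
# "net" or "net:<host>". Returns 0 when well-formed, 1 otherwise.
check_rule() {
    set -- $1                      # word-split the rule into its columns
    [ $# -eq 4 ] || [ $# -eq 5 ] || return 1
    case "$1" in ACCEPT|DROP|REJECT) ;; *) return 1 ;; esac
    case "$2" in net|net:?*|'$FW') ;; *) return 1 ;; esac   # "net:" with no host is incomplete
    case "$3" in net|'$FW') ;; *) return 1 ;; esac
    case "$4" in
        icmp) ;;
        tcp|udp) [ $# -eq 5 ] || return 1 ;;                # tcp/udp need a port column
        *) return 1 ;;
    esac
    if [ $# -eq 5 ]; then
        case "$5" in ''|*[!0-9,:]*) return 1 ;; esac        # ports: digits, lists, ranges
    fi
    return 0
}

# Step 6: append an access rule, e.g. 'ACCEPT net $FW tcp 22' (SSH from any
# Internet host) or 'ACCEPT net:198.51.100.7 $FW tcp 22' (from one host only;
# the address is a constructed documentation value, not from the page).
add_rule() {
    rules="$1"; rule="$2"
    check_rule "$rule" || { echo "add_rule: malformed rule: $rule" >&2; return 1; }
    printf '%s\n' "$rule" >> "$rules"
}

# Typical use on the real host (as root), after step 1 copied the example files:
#   enable_startup /etc/shorewall/shorewall.conf /etc/default/shorewall
#   set_interface  /etc/shorewall/interfaces enp0s3
#   add_rule       /etc/shorewall/rules 'ACCEPT net $FW tcp 22'
#   shorewall check && shorewall start
```

Running shorewall check before shorewall start is the step worth keeping even when the files are edited by hand: it compiles the configuration without loading it, so a typo in the rules file is reported instead of leaving the host with no firewall at all.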