Jontas » firewall http://www.f15ijp.com My digital notepad (notes etc) Wed, 28 Dec 2011 18:24:47 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 No shorewall compiler installed http://www.f15ijp.com/2010/03/23/no-shorewall-compiler-installed/ http://www.f15ijp.com/2010/03/23/no-shorewall-compiler-installed/#comments Tue, 23 Mar 2010 11:12:49 +0000 jontas http://f15ijp.com/?p=421 If you run into the error “No shorewall compiler installed” (for instance using shorewall check) then there is a quick fix for this.
The fix is to install shorewall-perl (using “apt-get install shorewall-perl”).

Then you should be set.

]]> http://www.f15ijp.com/2010/03/23/no-shorewall-compiler-installed/feed/ 0 Quickly configure shorewall on Debian http://www.f15ijp.com/2010/02/05/quickly-configure-shorewall-on-debian/ http://www.f15ijp.com/2010/02/05/quickly-configure-shorewall-on-debian/#comments Fri, 05 Feb 2010 16:20:44 +0000 jontas http://f15ijp.com/?p=278 By definition shorewall is not a firewall, it is a way to (more) easily configure iptables to work as a firewall.

  • First install shorewall “$ apt-get intall shorewall”
  • Enter /etc/shorewall
  • Copy the example files from /usr/share/doc/shorewall-common/default-config/ (might also be located in /usr/share/doc/shorewall/default-config/) “$ cp /usr/share/doc/shorewall-common/default-config/* .”
  • Edit the files and enter the data that your system has
    • First create zones “$ nano zones” 
       #ZONE   TYPE            OPTIONS         IN OPTIONS                OUT OPTIONS
fw      firewall
net     ipv4
vpn     ipv4
    • Connect zones with interfaces”$ nano interfaces” 
       #ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          tcpflags,blacklist,dhcp
vpn	tun0		-
    • Create policies “$ nano policy” 
       #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
fw              net             ACCEPT
vpn             net             ACCEPT
vpn             fw              ACCEPT
fw              vpn             ACCEPT
net             all             DROP            info
all             all             DROP            info
    • Create rules “$ nano rules” 
       #ACTION SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/
#                                               PORT(S) PORT(S)         DEST            LIMIT           GROUP
ACCEPT          net             fw             tcp     22 # ssh
ACCEPT          net             fw             tcp     80 # web
    • Verify that the rules are fine “$ shorewall check”
    • Edit /etc/default/shorewall and set startup to 1 
       # prevent startup with default configuration
# set the following varible to 1 in order to allow Shorewall to start
 
startup=1
    • Start the firewall “$ /etc/init.d/shorewall start”

If you later decide to update rules, zones etc run “$ /etc/init.d/shorewall restart” to load the changes.

]]> http://www.f15ijp.com/2010/02/05/quickly-configure-shorewall-on-debian/feed/ 0