Shorewall on RPM-based Servers: Difference between revisions

From Alteeve Wiki
No edit summary
Line 12: Line 12:
wget -c http://canada.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.4/shorewall-4.4.25/shorewall-4.4.25.2.tgz
wget -c http://canada.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.4/shorewall-4.4.25/shorewall-4.4.25.2.tgz
</source>
</source>
<source lang="bash">
<source lang="text">
--2011-11-06 08:30:21--  http://canada.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.4/shorewall-4.4.25/shorewall-4.4.25.2.tgz
--2011-11-06 08:30:21--  http://canada.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.4/shorewall-4.4.25/shorewall-4.4.25.2.tgz
Resolving canada.shorewall.net... 174.142.92.243
Resolving canada.shorewall.net... 174.142.92.243
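Review bot: the wget line kept as context at the top of this hunk fetches the tarball over plain http://, and nothing in the visible lines checks it against a published digest or signature before the later steps unpack it and run install.sh; a verification step after the download would be worth adding while this block is being edited. The lang="text" tag on the block that follows looks right, since those lines are wget output rather than shell input.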
Line 30: Line 30:
tar -xvzf shorewall-4.4.25.2.tgz  
tar -xvzf shorewall-4.4.25.2.tgz  
</source>
</source>
<source lang="bash">
<source lang="text">
shorewall-4.4.25.2/
shorewall-4.4.25.2/
shorewall-4.4.25.2/shorewall.service
shorewall-4.4.25.2/shorewall.service
Line 387: Line 387:
./install.sh  
./install.sh  
</source>
</source>
<source lang="bash">
<source lang="text">
Perl/compiler.pl syntax OK
Perl/compiler.pl syntax OK
Installing Redhat/Fedora-specific configuration...
Installing Redhat/Fedora-specific configuration...

Revision as of 21:40, 6 November 2011


This covers setup and maintenance of Shorewall 4.4 on Red Hat Enterprise Linux 5.x, 6.x, RHEL derivatives and several recent Fedora releases.

Install

Note: Previously, RPMs were available but they seem to no longer be maintained. Thus, this section has changed to install from the tarball.

First, download the latest version of Shorewall. You can find the latest version here.

wget -c http://canada.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.4/shorewall-4.4.25/shorewall-4.4.25.2.tgz
--2011-11-06 08:30:21--  http://canada.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.4/shorewall-4.4.25/shorewall-4.4.25.2.tgz
Resolving canada.shorewall.net... 174.142.92.243
Connecting to canada.shorewall.net|174.142.92.243|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 651265 (636K) [application/x-gzip]
Saving to: “shorewall-4.4.25.2.tgz”

100%[=========================================================================>] 651,265      391K/s   in 1.6s    

2011-11-06 08:30:22 (391 KB/s) - “shorewall-4.4.25.2.tgz” saved [651265/651265]

Untar it, change into the created directory and run the install.sh script.

tar -xvzf shorewall-4.4.25.2.tgz
shorewall-4.4.25.2/
shorewall-4.4.25.2/shorewall.service
shorewall-4.4.25.2/uninstall.sh
shorewall-4.4.25.2/action.Broadcast
shorewall-4.4.25.2/action.Drop
shorewall-4.4.25.2/lib.base
shorewall-4.4.25.2/modules.tc
shorewall-4.4.25.2/changelog.txt
shorewall-4.4.25.2/logrotate
shorewall-4.4.25.2/modules.extensions
shorewall-4.4.25.2/action.Reject
shorewall-4.4.25.2/action.A_Drop
shorewall-4.4.25.2/Perl/
shorewall-4.4.25.2/Perl/compiler.pl
shorewall-4.4.25.2/Perl/prog.footer
shorewall-4.4.25.2/Perl/prog.header
shorewall-4.4.25.2/Perl/getparams
shorewall-4.4.25.2/Perl/Shorewall/
shorewall-4.4.25.2/Perl/Shorewall/Misc.pm
shorewall-4.4.25.2/Perl/Shorewall/Chains.pm
shorewall-4.4.25.2/Perl/Shorewall/Accounting.pm
shorewall-4.4.25.2/Perl/Shorewall/Config.pm
shorewall-4.4.25.2/Perl/Shorewall/Tunnels.pm
shorewall-4.4.25.2/Perl/Shorewall/Compiler.pm
shorewall-4.4.25.2/Perl/Shorewall/Raw.pm
shorewall-4.4.25.2/Perl/Shorewall/Providers.pm
shorewall-4.4.25.2/Perl/Shorewall/Proxyarp.pm
shorewall-4.4.25.2/Perl/Shorewall/Proc.pm
shorewall-4.4.25.2/Perl/Shorewall/Zones.pm
shorewall-4.4.25.2/Perl/Shorewall/IPAddrs.pm
shorewall-4.4.25.2/Perl/Shorewall/Nat.pm
shorewall-4.4.25.2/Perl/Shorewall/Tc.pm
shorewall-4.4.25.2/Perl/Shorewall/Rules.pm
shorewall-4.4.25.2/Perl/.includepath
shorewall-4.4.25.2/Perl/.project
shorewall-4.4.25.2/Perl/prog.footer6
shorewall-4.4.25.2/Perl/prog.header6
shorewall-4.4.25.2/shorewall
shorewall-4.4.25.2/default.debian
shorewall-4.4.25.2/action.template
shorewall-4.4.25.2/Contrib/
shorewall-4.4.25.2/Contrib/swping.init
shorewall-4.4.25.2/Contrib/tunnel
shorewall-4.4.25.2/Contrib/ipsecvpn
shorewall-4.4.25.2/Contrib/swping
shorewall-4.4.25.2/action.TCPFlags
shorewall-4.4.25.2/INSTALL
shorewall-4.4.25.2/modules.xtables
shorewall-4.4.25.2/install.sh
shorewall-4.4.25.2/releasenotes.txt
shorewall-4.4.25.2/init.debian.sh
shorewall-4.4.25.2/Macros/
shorewall-4.4.25.2/Macros/macro.SixXS
shorewall-4.4.25.2/Macros/macro.SMBswat
shorewall-4.4.25.2/Macros/macro.L2TP
shorewall-4.4.25.2/Macros/macro.BitTorrent32
shorewall-4.4.25.2/Macros/macro.ICQ
shorewall-4.4.25.2/Macros/macro.PPtP
shorewall-4.4.25.2/Macros/macro.Citrix
shorewall-4.4.25.2/Macros/macro.OSPF
shorewall-4.4.25.2/Macros/macro.Time
shorewall-4.4.25.2/Macros/macro.Razor
shorewall-4.4.25.2/Macros/macro.DropUPnP
shorewall-4.4.25.2/Macros/macro.mDNS
shorewall-4.4.25.2/Macros/macro.IPsecnat
shorewall-4.4.25.2/Macros/macro.IPsec
shorewall-4.4.25.2/Macros/macro.VNCL
shorewall-4.4.25.2/Macros/macro.Syslog
shorewall-4.4.25.2/Macros/macro.RDP
shorewall-4.4.25.2/Macros/macro.HTTPS
shorewall-4.4.25.2/Macros/macro.Gnutella
shorewall-4.4.25.2/Macros/macro.JabberSecure
shorewall-4.4.25.2/Macros/macro.DNS
shorewall-4.4.25.2/Macros/macro.SMBBI
shorewall-4.4.25.2/Macros/macro.Webcache
shorewall-4.4.25.2/Macros/macro.Edonkey
shorewall-4.4.25.2/Macros/macro.HTTP
shorewall-4.4.25.2/Macros/macro.Jabberd
shorewall-4.4.25.2/Macros/macro.JAP
shorewall-4.4.25.2/Macros/macro.NTPbrd
shorewall-4.4.25.2/Macros/macro.Webmin
shorewall-4.4.25.2/Macros/macro.Amanda
shorewall-4.4.25.2/Macros/macro.Munin
shorewall-4.4.25.2/Macros/macro.IPP
shorewall-4.4.25.2/Macros/macro.SVN
shorewall-4.4.25.2/Macros/macro.AllowICMPs
shorewall-4.4.25.2/Macros/macro.PCA
shorewall-4.4.25.2/Macros/macro.NNTP
shorewall-4.4.25.2/Macros/macro.BGP
shorewall-4.4.25.2/Macros/macro.VNC
shorewall-4.4.25.2/Macros/macro.DropDNSrep
shorewall-4.4.25.2/Macros/macro.SMTP
shorewall-4.4.25.2/Macros/macro.Ping
shorewall-4.4.25.2/Macros/macro.Rfc1918
shorewall-4.4.25.2/Macros/macro.TFTP
shorewall-4.4.25.2/Macros/macro.OpenVPN
shorewall-4.4.25.2/Macros/macro.IMAP
shorewall-4.4.25.2/Macros/macro.Distcc
shorewall-4.4.25.2/Macros/macro.GNUnet
shorewall-4.4.25.2/Macros/macro.MySQL
shorewall-4.4.25.2/Macros/macro.Rsync
shorewall-4.4.25.2/Macros/macro.IPPbrd
shorewall-4.4.25.2/Macros/macro.LDAP
shorewall-4.4.25.2/Macros/macro.Whois
shorewall-4.4.25.2/Macros/macro.RIPbi
shorewall-4.4.25.2/Macros/macro.Git
shorewall-4.4.25.2/Macros/macro.BitTorrent
shorewall-4.4.25.2/Macros/macro.IPPserver
shorewall-4.4.25.2/Macros/macro.NTP
shorewall-4.4.25.2/Macros/macro.SMB
shorewall-4.4.25.2/Macros/macro.NNTPS
shorewall-4.4.25.2/Macros/macro.JabberPlain
shorewall-4.4.25.2/Macros/macro.A_AllowICMPs
shorewall-4.4.25.2/Macros/macro.POP3S
shorewall-4.4.25.2/Macros/macro.IPsecah
shorewall-4.4.25.2/Macros/macro.NTPbi
shorewall-4.4.25.2/Macros/macro.SSH
shorewall-4.4.25.2/Macros/macro.Reject
shorewall-4.4.25.2/Macros/macro.SMTPS
shorewall-4.4.25.2/Macros/macro.DHCPfwd
shorewall-4.4.25.2/Macros/macro.SANE
shorewall-4.4.25.2/Macros/macro.IRC
shorewall-4.4.25.2/Macros/macro.HKP
shorewall-4.4.25.2/Macros/macro.FTP
shorewall-4.4.25.2/Macros/macro.SPAMD
shorewall-4.4.25.2/Macros/macro.IMAPS
shorewall-4.4.25.2/Macros/macro.DAAP
shorewall-4.4.25.2/Macros/macro.Squid
shorewall-4.4.25.2/Macros/macro.Web
shorewall-4.4.25.2/Macros/macro.Jetdirect
shorewall-4.4.25.2/Macros/macro.SNMP
shorewall-4.4.25.2/Macros/macro.template
shorewall-4.4.25.2/Macros/macro.A_DropUPnP
shorewall-4.4.25.2/Macros/macro.GRE
shorewall-4.4.25.2/Macros/macro.Telnets
shorewall-4.4.25.2/Macros/macro.DCC
shorewall-4.4.25.2/Macros/macro.Submission
shorewall-4.4.25.2/Macros/macro.Drop
shorewall-4.4.25.2/Macros/macro.Auth
shorewall-4.4.25.2/Macros/macro.Printer
shorewall-4.4.25.2/Macros/macro.CVS
shorewall-4.4.25.2/Macros/macro.POP3
shorewall-4.4.25.2/Macros/macro.ICPV2
shorewall-4.4.25.2/Macros/macro.Trcrt
shorewall-4.4.25.2/Macros/macro.LDAPS
shorewall-4.4.25.2/Macros/macro.PostgreSQL
shorewall-4.4.25.2/Macros/macro.Rdate
shorewall-4.4.25.2/Macros/macro.Telnet
shorewall-4.4.25.2/Macros/macro.IPIP
shorewall-4.4.25.2/Macros/macro.Finger
shorewall-4.4.25.2/Macros/macro.Mail
shorewall-4.4.25.2/Macros/macro.RNDC
shorewall-4.4.25.2/Macros/macro.A_DropDNSrep
shorewall-4.4.25.2/configfiles/
shorewall-4.4.25.2/configfiles/params.annotated
shorewall-4.4.25.2/configfiles/providers.annotated
shorewall-4.4.25.2/configfiles/actions.annotated
shorewall-4.4.25.2/configfiles/shorewall.conf.annotated
shorewall-4.4.25.2/configfiles/accounting.annotated
shorewall-4.4.25.2/configfiles/netmap.annotated
shorewall-4.4.25.2/configfiles/zones
shorewall-4.4.25.2/configfiles/init
shorewall-4.4.25.2/configfiles/zones.annotated
shorewall-4.4.25.2/configfiles/nat
shorewall-4.4.25.2/configfiles/tcclasses.annotated
shorewall-4.4.25.2/configfiles/tcpri
shorewall-4.4.25.2/configfiles/tcfilters
shorewall-4.4.25.2/configfiles/routestopped
shorewall-4.4.25.2/configfiles/notrack
shorewall-4.4.25.2/configfiles/hosts
shorewall-4.4.25.2/configfiles/tcrules
shorewall-4.4.25.2/configfiles/proxyarp
shorewall-4.4.25.2/configfiles/tos.annotated
shorewall-4.4.25.2/configfiles/start
shorewall-4.4.25.2/configfiles/isusable
shorewall-4.4.25.2/configfiles/tunnels.annotated
shorewall-4.4.25.2/configfiles/accounting
shorewall-4.4.25.2/configfiles/tcinterfaces
shorewall-4.4.25.2/configfiles/tcpri.annotated
shorewall-4.4.25.2/configfiles/tcdevices
shorewall-4.4.25.2/configfiles/tcclear
shorewall-4.4.25.2/configfiles/shorewall.conf
shorewall-4.4.25.2/configfiles/policy
shorewall-4.4.25.2/configfiles/routes.annotated
shorewall-4.4.25.2/configfiles/netmap
shorewall-4.4.25.2/configfiles/refreshed
shorewall-4.4.25.2/configfiles/policy.annotated
shorewall-4.4.25.2/configfiles/restored
shorewall-4.4.25.2/configfiles/lib.private
shorewall-4.4.25.2/configfiles/blacklist
shorewall-4.4.25.2/configfiles/hosts.annotated
shorewall-4.4.25.2/configfiles/findgw
shorewall-4.4.25.2/configfiles/ecn.annotated
shorewall-4.4.25.2/configfiles/route_rules.annotated
shorewall-4.4.25.2/configfiles/proxyarp.annotated
shorewall-4.4.25.2/configfiles/masq
shorewall-4.4.25.2/configfiles/nat.annotated
shorewall-4.4.25.2/configfiles/ecn
shorewall-4.4.25.2/configfiles/rules.annotated
shorewall-4.4.25.2/configfiles/blacklist.annotated
shorewall-4.4.25.2/configfiles/providers
shorewall-4.4.25.2/configfiles/tos
shorewall-4.4.25.2/configfiles/tcclasses
shorewall-4.4.25.2/configfiles/stopped
shorewall-4.4.25.2/configfiles/masq.annotated
shorewall-4.4.25.2/configfiles/interfaces.annotated
shorewall-4.4.25.2/configfiles/tcinterfaces.annotated
shorewall-4.4.25.2/configfiles/tcdevices.annotated
shorewall-4.4.25.2/configfiles/notrack.annotated
shorewall-4.4.25.2/configfiles/routes
shorewall-4.4.25.2/configfiles/refresh
shorewall-4.4.25.2/configfiles/secmarks
shorewall-4.4.25.2/configfiles/routestopped.annotated
shorewall-4.4.25.2/configfiles/rules
shorewall-4.4.25.2/configfiles/route_rules
shorewall-4.4.25.2/configfiles/started
shorewall-4.4.25.2/configfiles/params
shorewall-4.4.25.2/configfiles/init.annotated
shorewall-4.4.25.2/configfiles/clear
shorewall-4.4.25.2/configfiles/initdone
shorewall-4.4.25.2/configfiles/tunnels
shorewall-4.4.25.2/configfiles/secmarks.annotated
shorewall-4.4.25.2/configfiles/actions
shorewall-4.4.25.2/configfiles/maclist.annotated
shorewall-4.4.25.2/configfiles/tcrules.annotated
shorewall-4.4.25.2/configfiles/stop
shorewall-4.4.25.2/configfiles/maclist
shorewall-4.4.25.2/configfiles/interfaces
shorewall-4.4.25.2/configfiles/tcfilters.annotated
shorewall-4.4.25.2/configfiles/scfilter
shorewall-4.4.25.2/configpath
shorewall-4.4.25.2/init.slackware.firewall.sh
shorewall-4.4.25.2/Samples/
shorewall-4.4.25.2/Samples/LICENSE
shorewall-4.4.25.2/Samples/one-interface/
shorewall-4.4.25.2/Samples/one-interface/shorewall.conf.annotated
shorewall-4.4.25.2/Samples/one-interface/zones
shorewall-4.4.25.2/Samples/one-interface/zones.annotated
shorewall-4.4.25.2/Samples/one-interface/shorewall.conf
shorewall-4.4.25.2/Samples/one-interface/policy
shorewall-4.4.25.2/Samples/one-interface/policy.annotated
shorewall-4.4.25.2/Samples/one-interface/rules.annotated
shorewall-4.4.25.2/Samples/one-interface/interfaces.annotated
shorewall-4.4.25.2/Samples/one-interface/rules
shorewall-4.4.25.2/Samples/one-interface/README.txt
shorewall-4.4.25.2/Samples/one-interface/interfaces
shorewall-4.4.25.2/Samples/Universal/
shorewall-4.4.25.2/Samples/Universal/shorewall.conf.annotated
shorewall-4.4.25.2/Samples/Universal/zones
shorewall-4.4.25.2/Samples/Universal/zones.annotated
shorewall-4.4.25.2/Samples/Universal/shorewall.conf
shorewall-4.4.25.2/Samples/Universal/policy
shorewall-4.4.25.2/Samples/Universal/policy.annotated
shorewall-4.4.25.2/Samples/Universal/rules.annotated
shorewall-4.4.25.2/Samples/Universal/interfaces.annotated
shorewall-4.4.25.2/Samples/Universal/rules
shorewall-4.4.25.2/Samples/Universal/interfaces
shorewall-4.4.25.2/Samples/two-interfaces/
shorewall-4.4.25.2/Samples/two-interfaces/shorewall.conf.annotated
shorewall-4.4.25.2/Samples/two-interfaces/zones
shorewall-4.4.25.2/Samples/two-interfaces/zones.annotated
shorewall-4.4.25.2/Samples/two-interfaces/routestopped
shorewall-4.4.25.2/Samples/two-interfaces/shorewall.conf
shorewall-4.4.25.2/Samples/two-interfaces/policy
shorewall-4.4.25.2/Samples/two-interfaces/policy.annotated
shorewall-4.4.25.2/Samples/two-interfaces/masq
shorewall-4.4.25.2/Samples/two-interfaces/rules.annotated
shorewall-4.4.25.2/Samples/two-interfaces/masq.annotated
shorewall-4.4.25.2/Samples/two-interfaces/interfaces.annotated
shorewall-4.4.25.2/Samples/two-interfaces/routestopped.annotated
shorewall-4.4.25.2/Samples/two-interfaces/rules
shorewall-4.4.25.2/Samples/two-interfaces/README.txt
shorewall-4.4.25.2/Samples/two-interfaces/interfaces
shorewall-4.4.25.2/Samples/three-interfaces/
shorewall-4.4.25.2/Samples/three-interfaces/shorewall.conf.annotated
shorewall-4.4.25.2/Samples/three-interfaces/zones
shorewall-4.4.25.2/Samples/three-interfaces/zones.annotated
shorewall-4.4.25.2/Samples/three-interfaces/routestopped
shorewall-4.4.25.2/Samples/three-interfaces/shorewall.conf
shorewall-4.4.25.2/Samples/three-interfaces/policy
shorewall-4.4.25.2/Samples/three-interfaces/policy.annotated
shorewall-4.4.25.2/Samples/three-interfaces/masq
shorewall-4.4.25.2/Samples/three-interfaces/rules.annotated
shorewall-4.4.25.2/Samples/three-interfaces/masq.annotated
shorewall-4.4.25.2/Samples/three-interfaces/interfaces.annotated
shorewall-4.4.25.2/Samples/three-interfaces/routestopped.annotated
shorewall-4.4.25.2/Samples/three-interfaces/rules
shorewall-4.4.25.2/Samples/three-interfaces/README.txt
shorewall-4.4.25.2/Samples/three-interfaces/interfaces
shorewall-4.4.25.2/Samples/README.txt
shorewall-4.4.25.2/known_problems.txt
shorewall-4.4.25.2/Makefile
shorewall-4.4.25.2/lib.common
shorewall-4.4.25.2/lib.cli
shorewall-4.4.25.2/init.fedora.sh
shorewall-4.4.25.2/init.slackware.shorewall.sh
shorewall-4.4.25.2/helpers
shorewall-4.4.25.2/action.DropSmurfs
shorewall-4.4.25.2/wait4ifup
shorewall-4.4.25.2/COPYING
shorewall-4.4.25.2/action.Invalid
shorewall-4.4.25.2/action.NotSyn
shorewall-4.4.25.2/shorewall.spec
shorewall-4.4.25.2/README.txt
shorewall-4.4.25.2/modules.essential
shorewall-4.4.25.2/modules
shorewall-4.4.25.2/Makefile-lite
shorewall-4.4.25.2/manpages/
shorewall-4.4.25.2/manpages/shorewall-hosts.5
shorewall-4.4.25.2/manpages/shorewall-ecn.5
shorewall-4.4.25.2/manpages/shorewall-providers.5
shorewall-4.4.25.2/manpages/shorewall-notrack.5
shorewall-4.4.25.2/manpages/shorewall-route_rules.5
shorewall-4.4.25.2/manpages/shorewall-vardir.5
shorewall-4.4.25.2/manpages/shorewall-routestopped.5
shorewall-4.4.25.2/manpages/shorewall-ipsets.5
shorewall-4.4.25.2/manpages/shorewall-tcclasses.5
shorewall-4.4.25.2/manpages/shorewall-tcfilters.5
shorewall-4.4.25.2/manpages/shorewall-tcdevices.5
shorewall-4.4.25.2/manpages/shorewall-zones.5
shorewall-4.4.25.2/manpages/shorewall-blacklist.5
shorewall-4.4.25.2/manpages/shorewall-tcrules.5
shorewall-4.4.25.2/manpages/shorewall-interfaces.5
shorewall-4.4.25.2/manpages/shorewall-init.8
shorewall-4.4.25.2/manpages/shorewall-secmarks.5
shorewall-4.4.25.2/manpages/shorewall-masq.5
shorewall-4.4.25.2/manpages/shorewall-netmap.5
shorewall-4.4.25.2/manpages/shorewall-maclist.5
shorewall-4.4.25.2/manpages/shorewall-tcpri.5
shorewall-4.4.25.2/manpages/shorewall-proxyarp.5
shorewall-4.4.25.2/manpages/shorewall-tcinterfaces.5
shorewall-4.4.25.2/manpages/shorewall.8
shorewall-4.4.25.2/manpages/shorewall-tunnels.5
shorewall-4.4.25.2/manpages/shorewall-nesting.5
shorewall-4.4.25.2/manpages/shorewall-routes.5
shorewall-4.4.25.2/manpages/shorewall-nat.5
shorewall-4.4.25.2/manpages/shorewall-rules.5
shorewall-4.4.25.2/manpages/shorewall-tos.5
shorewall-4.4.25.2/manpages/shorewall-actions.5
shorewall-4.4.25.2/manpages/shorewall-accounting.5
shorewall-4.4.25.2/manpages/shorewall-modules.5
shorewall-4.4.25.2/manpages/shorewall.conf.5
shorewall-4.4.25.2/manpages/shorewall-params.5
shorewall-4.4.25.2/manpages/shorewall-policy.5
shorewall-4.4.25.2/manpages/shorewall-exclusion.5
shorewall-4.4.25.2/modules.ipset
shorewall-4.4.25.2/init.archlinux.sh
shorewall-4.4.25.2/init.sh
shorewall-4.4.25.2/actions.std
shorewall-4.4.25.2/action.A_Reject

cd shorewall-4.4.25.2
./install.sh

Perl/compiler.pl syntax OK
Installing Redhat/Fedora-specific configuration...
Installing Shorewall Version 4.4.25.2
shorewall control program installed in /sbin/shorewall
Shorewall script installed in /etc/init.d/shorewall
Config file installed as /etc/shorewall/shorewall.conf
Zones file installed as /etc/shorewall/zones

wait4ifup installed in /usr/share/shorewall/wait4ifup
Policy file installed as /etc/shorewall/policy
Interfaces file installed as /etc/shorewall/interfaces
Hosts file installed as /etc/shorewall/hosts
Rules file installed as /etc/shorewall/rules
NAT file installed as /etc/shorewall/nat
NETMAP file installed as /etc/shorewall/netmap
Parameter file installed as /etc/shorewall/params
Proxy ARP file installed as /etc/shorewall/proxyarp
Stopped Routing file installed as /etc/shorewall/routestopped
MAC list file installed as /etc/shorewall/maclist
Masquerade file installed as /etc/shorewall/masq
Notrack file installed as /etc/shorewall/notrack
Modules file installed as /usr/share/shorewall/modules
Module file modules.essential installed as /usr/share/shorewall/modules.essential
Module file modules.extensions installed as /usr/share/shorewall/modules.extensions
Module file modules.ipset installed as /usr/share/shorewall/modules.ipset
Module file modules.tc installed as /usr/share/shorewall/modules.tc
Module file modules.xtables installed as /usr/share/shorewall/modules.xtables
Helper modules file installed as /usr/share/shorewall/helpers
TC Rules file installed as /etc/shorewall/tcrules
TC Interfaces file installed as /etc/shorewall/tcinterfaces
TC Priority file installed as /etc/shorewall/tcpri
TOS file installed as /etc/shorewall/tos
Tunnels file installed as /etc/shorewall/tunnels
Blacklist file installed as /etc/shorewall/blacklist
Find GW file installed as /etc/shorewall/findgw
Providers file installed as /etc/shorewall/providers
Routing rules file installed as /etc/shorewall/route_rules
TC Classes file installed as /etc/shorewall/tcclasses
TC Devices file installed as /etc/shorewall/tcdevices
TC Filters file installed as /etc/shorewall/tcfilters
Secmarks file installed as /etc/shorewall/secmarks
Default config path file installed as /usr/share/shorewall/configpath
Init file installed as /etc/shorewall/init
Initdone file installed as /etc/shorewall/initdone
Start file installed as /etc/shorewall/start
Stop file installed as /etc/shorewall/stop
Stopped file installed as /etc/shorewall/stopped
ECN file installed as /etc/shorewall/ecn
Accounting file installed as /etc/shorewall/accounting
Private library file installed as /etc/shorewall/lib.private
Started file installed as /etc/shorewall/started
Restored file installed as /etc/shorewall/restored
Clear file installed as /etc/shorewall/clear
Isusable file installed as /etc/shorewall/isusable
Refresh file installed as /etc/shorewall/refresh
Refreshed file installed as /etc/shorewall/refreshed
Tcclear file installed as /etc/shorewall/tcclear
Scfilter file installed as /etc/shorewall/scfilter
Standard actions file installed as /usr/shared/shorewall/actions.std
Actions file installed as /etc/shorewall/actions
Makefile installed as /etc/shorewall/Makefile
Action A_Drop file installed as /usr/share/shorewall/action.A_Drop
Action A_Reject file installed as /usr/share/shorewall/action.A_Reject
Action Broadcast file installed as /usr/share/shorewall/action.Broadcast
Action Drop file installed as /usr/share/shorewall/action.Drop
Action DropSmurfs file installed as /usr/share/shorewall/action.DropSmurfs
Action Invalid file installed as /usr/share/shorewall/action.Invalid
Action NotSyn file installed as /usr/share/shorewall/action.NotSyn
Action Reject file installed as /usr/share/shorewall/action.Reject
Action TCPFlags file installed as /usr/share/shorewall/action.TCPFlags
Action template file installed as /usr/share/shorewall/action.template
Macro A_AllowICMPs file installed as /usr/share/shorewall/macro.A_AllowICMPs
Macro A_DropDNSrep file installed as /usr/share/shorewall/macro.A_DropDNSrep
Macro A_DropUPnP file installed as /usr/share/shorewall/macro.A_DropUPnP
Macro AllowICMPs file installed as /usr/share/shorewall/macro.AllowICMPs
Macro Amanda file installed as /usr/share/shorewall/macro.Amanda
Macro Auth file installed as /usr/share/shorewall/macro.Auth
Macro BGP file installed as /usr/share/shorewall/macro.BGP
Macro BitTorrent file installed as /usr/share/shorewall/macro.BitTorrent
Macro BitTorrent32 file installed as /usr/share/shorewall/macro.BitTorrent32
Macro Citrix file installed as /usr/share/shorewall/macro.Citrix
Macro CVS file installed as /usr/share/shorewall/macro.CVS
Macro DAAP file installed as /usr/share/shorewall/macro.DAAP
Macro DCC file installed as /usr/share/shorewall/macro.DCC
Macro DHCPfwd file installed as /usr/share/shorewall/macro.DHCPfwd
Macro Distcc file installed as /usr/share/shorewall/macro.Distcc
Macro DNS file installed as /usr/share/shorewall/macro.DNS
Macro Drop file installed as /usr/share/shorewall/macro.Drop
Macro DropDNSrep file installed as /usr/share/shorewall/macro.DropDNSrep
Macro DropUPnP file installed as /usr/share/shorewall/macro.DropUPnP
Macro Edonkey file installed as /usr/share/shorewall/macro.Edonkey
Macro Finger file installed as /usr/share/shorewall/macro.Finger
Macro FTP file installed as /usr/share/shorewall/macro.FTP
Macro Git file installed as /usr/share/shorewall/macro.Git
Macro GNUnet file installed as /usr/share/shorewall/macro.GNUnet
Macro Gnutella file installed as /usr/share/shorewall/macro.Gnutella
Macro GRE file installed as /usr/share/shorewall/macro.GRE
Macro HKP file installed as /usr/share/shorewall/macro.HKP
Macro HTTP file installed as /usr/share/shorewall/macro.HTTP
Macro HTTPS file installed as /usr/share/shorewall/macro.HTTPS
Macro ICPV2 file installed as /usr/share/shorewall/macro.ICPV2
Macro ICQ file installed as /usr/share/shorewall/macro.ICQ
Macro IMAP file installed as /usr/share/shorewall/macro.IMAP
Macro IMAPS file installed as /usr/share/shorewall/macro.IMAPS
Macro IPIP file installed as /usr/share/shorewall/macro.IPIP
Macro IPP file installed as /usr/share/shorewall/macro.IPP
Macro IPPbrd file installed as /usr/share/shorewall/macro.IPPbrd
Macro IPPserver file installed as /usr/share/shorewall/macro.IPPserver
Macro IPsec file installed as /usr/share/shorewall/macro.IPsec
Macro IPsecah file installed as /usr/share/shorewall/macro.IPsecah
Macro IPsecnat file installed as /usr/share/shorewall/macro.IPsecnat
Macro IRC file installed as /usr/share/shorewall/macro.IRC
Macro Jabberd file installed as /usr/share/shorewall/macro.Jabberd
Macro JabberPlain file installed as /usr/share/shorewall/macro.JabberPlain
Macro JabberSecure file installed as /usr/share/shorewall/macro.JabberSecure
Macro JAP file installed as /usr/share/shorewall/macro.JAP
Macro Jetdirect file installed as /usr/share/shorewall/macro.Jetdirect
Macro L2TP file installed as /usr/share/shorewall/macro.L2TP
Macro LDAP file installed as /usr/share/shorewall/macro.LDAP
Macro LDAPS file installed as /usr/share/shorewall/macro.LDAPS
Macro Mail file installed as /usr/share/shorewall/macro.Mail
Macro mDNS file installed as /usr/share/shorewall/macro.mDNS
Macro Munin file installed as /usr/share/shorewall/macro.Munin
Macro MySQL file installed as /usr/share/shorewall/macro.MySQL
Macro NNTP file installed as /usr/share/shorewall/macro.NNTP
Macro NNTPS file installed as /usr/share/shorewall/macro.NNTPS
Macro NTP file installed as /usr/share/shorewall/macro.NTP
Macro NTPbi file installed as /usr/share/shorewall/macro.NTPbi
Macro NTPbrd file installed as /usr/share/shorewall/macro.NTPbrd
Macro OpenVPN file installed as /usr/share/shorewall/macro.OpenVPN
Macro OSPF file installed as /usr/share/shorewall/macro.OSPF
Macro PCA file installed as /usr/share/shorewall/macro.PCA
Macro Ping file installed as /usr/share/shorewall/macro.Ping
Macro POP3 file installed as /usr/share/shorewall/macro.POP3
Macro POP3S file installed as /usr/share/shorewall/macro.POP3S
Macro PostgreSQL file installed as /usr/share/shorewall/macro.PostgreSQL
Macro PPtP file installed as /usr/share/shorewall/macro.PPtP
Macro Printer file installed as /usr/share/shorewall/macro.Printer
Macro Razor file installed as /usr/share/shorewall/macro.Razor
Macro Rdate file installed as /usr/share/shorewall/macro.Rdate
Macro RDP file installed as /usr/share/shorewall/macro.RDP
Macro Reject file installed as /usr/share/shorewall/macro.Reject
Macro Rfc1918 file installed as /usr/share/shorewall/macro.Rfc1918
Macro RIPbi file installed as /usr/share/shorewall/macro.RIPbi
Macro RNDC file installed as /usr/share/shorewall/macro.RNDC
Macro Rsync file installed as /usr/share/shorewall/macro.Rsync
Macro SANE file installed as /usr/share/shorewall/macro.SANE
Macro SixXS file installed as /usr/share/shorewall/macro.SixXS
Macro SMB file installed as /usr/share/shorewall/macro.SMB
Macro SMBBI file installed as /usr/share/shorewall/macro.SMBBI
Macro SMBswat file installed as /usr/share/shorewall/macro.SMBswat
Macro SMTP file installed as /usr/share/shorewall/macro.SMTP
Macro SMTPS file installed as /usr/share/shorewall/macro.SMTPS
Macro SNMP file installed as /usr/share/shorewall/macro.SNMP
Macro SPAMD file installed as /usr/share/shorewall/macro.SPAMD
Macro Squid file installed as /usr/share/shorewall/macro.Squid
Macro SSH file installed as /usr/share/shorewall/macro.SSH
Macro Submission file installed as /usr/share/shorewall/macro.Submission
Macro SVN file installed as /usr/share/shorewall/macro.SVN
Macro Syslog file installed as /usr/share/shorewall/macro.Syslog
Macro Telnet file installed as /usr/share/shorewall/macro.Telnet
Macro Telnets file installed as /usr/share/shorewall/macro.Telnets
Macro template file installed as /usr/share/shorewall/macro.template
Macro TFTP file installed as /usr/share/shorewall/macro.TFTP
Macro Time file installed as /usr/share/shorewall/macro.Time
Macro Trcrt file installed as /usr/share/shorewall/macro.Trcrt
Macro VNC file installed as /usr/share/shorewall/macro.VNC
Macro VNCL file installed as /usr/share/shorewall/macro.VNCL
Macro Web file installed as /usr/share/shorewall/macro.Web
Macro Webcache file installed as /usr/share/shorewall/macro.Webcache
Macro Webmin file installed as /usr/share/shorewall/macro.Webmin
Macro Whois file installed as /usr/share/shorewall/macro.Whois
Library base file installed as /usr/share/shorewall/lib.base
Library cli file installed as /usr/share/shorewall/lib.cli
Library common file installed as /usr/share/shorewall/lib.common

Compiler installed in /usr/share/shorewall/compiler.pl

Params file helper installed in /usr/share/shorewall/getparams
Module Shorewall/Accounting installed as /usr/share/shorewall/Shorewall/Accounting.pm
Module Shorewall/Chains installed as /usr/share/shorewall/Shorewall/Chains.pm
Module Shorewall/Compiler installed as /usr/share/shorewall/Shorewall/Compiler.pm
Module Shorewall/Config installed as /usr/share/shorewall/Shorewall/Config.pm
Module Shorewall/IPAddrs installed as /usr/share/shorewall/Shorewall/IPAddrs.pm
Module Shorewall/Misc installed as /usr/share/shorewall/Shorewall/Misc.pm
Module Shorewall/Nat installed as /usr/share/shorewall/Shorewall/Nat.pm
Module Shorewall/Proc installed as /usr/share/shorewall/Shorewall/Proc.pm
Module Shorewall/Providers installed as /usr/share/shorewall/Shorewall/Providers.pm
Module Shorewall/Proxyarp installed as /usr/share/shorewall/Shorewall/Proxyarp.pm
Module Shorewall/Raw installed as /usr/share/shorewall/Shorewall/Raw.pm
Module Shorewall/Rules installed as /usr/share/shorewall/Shorewall/Rules.pm
Module Shorewall/Tc installed as /usr/share/shorewall/Shorewall/Tc.pm
Module Shorewall/Tunnels installed as /usr/share/shorewall/Shorewall/Tunnels.pm
Module Shorewall/Zones installed as /usr/share/shorewall/Shorewall/Zones.pm
Program skeleton file footer installed as /usr/share/shorewall/prog.footer
Program skeleton file footer6 installed as /usr/share/shorewall/prog.footer6
Program skeleton file header installed as /usr/share/shorewall/prog.header
Program skeleton file header6 installed as /usr/share/shorewall/prog.header6
Man page shorewall-accounting.5.gz installed to /usr/share/man/man5/shorewall-accounting.5.gz
Man page shorewall-actions.5.gz installed to /usr/share/man/man5/shorewall-actions.5.gz
Man page shorewall-blacklist.5.gz installed to /usr/share/man/man5/shorewall-blacklist.5.gz
Man page shorewall.conf.5.gz installed to /usr/share/man/man5/shorewall.conf.5.gz
Man page shorewall-ecn.5.gz installed to /usr/share/man/man5/shorewall-ecn.5.gz
Man page shorewall-exclusion.5.gz installed to /usr/share/man/man5/shorewall-exclusion.5.gz
Man page shorewall-hosts.5.gz installed to /usr/share/man/man5/shorewall-hosts.5.gz
Man page shorewall-interfaces.5.gz installed to /usr/share/man/man5/shorewall-interfaces.5.gz
Man page shorewall-ipsets.5.gz installed to /usr/share/man/man5/shorewall-ipsets.5.gz
Man page shorewall-maclist.5.gz installed to /usr/share/man/man5/shorewall-maclist.5.gz
Man page shorewall-masq.5.gz installed to /usr/share/man/man5/shorewall-masq.5.gz
Man page shorewall-modules.5.gz installed to /usr/share/man/man5/shorewall-modules.5.gz
Man page shorewall-nat.5.gz installed to /usr/share/man/man5/shorewall-nat.5.gz
Man page shorewall-nesting.5.gz installed to /usr/share/man/man5/shorewall-nesting.5.gz
Man page shorewall-netmap.5.gz installed to /usr/share/man/man5/shorewall-netmap.5.gz
Man page shorewall-notrack.5.gz installed to /usr/share/man/man5/shorewall-notrack.5.gz
Man page shorewall-params.5.gz installed to /usr/share/man/man5/shorewall-params.5.gz
Man page shorewall-policy.5.gz installed to /usr/share/man/man5/shorewall-policy.5.gz
Man page shorewall-providers.5.gz installed to /usr/share/man/man5/shorewall-providers.5.gz
Man page shorewall-proxyarp.5.gz installed to /usr/share/man/man5/shorewall-proxyarp.5.gz
Man page shorewall-route_rules.5.gz installed to /usr/share/man/man5/shorewall-route_rules.5.gz
Man page shorewall-routes.5.gz installed to /usr/share/man/man5/shorewall-routes.5.gz
Man page shorewall-routestopped.5.gz installed to /usr/share/man/man5/shorewall-routestopped.5.gz
Man page shorewall-rules.5.gz installed to /usr/share/man/man5/shorewall-rules.5.gz
Man page shorewall-secmarks.5.gz installed to /usr/share/man/man5/shorewall-secmarks.5.gz
Man page shorewall-tcclasses.5.gz installed to /usr/share/man/man5/shorewall-tcclasses.5.gz
Man page shorewall-tcdevices.5.gz installed to /usr/share/man/man5/shorewall-tcdevices.5.gz
Man page shorewall-tcfilters.5.gz installed to /usr/share/man/man5/shorewall-tcfilters.5.gz
Man page shorewall-tcinterfaces.5.gz installed to /usr/share/man/man5/shorewall-tcinterfaces.5.gz
Man page shorewall-tcpri.5.gz installed to /usr/share/man/man5/shorewall-tcpri.5.gz
Man page shorewall-tcrules.5.gz installed to /usr/share/man/man5/shorewall-tcrules.5.gz
Man page shorewall-tos.5.gz installed to /usr/share/man/man5/shorewall-tos.5.gz
Man page shorewall-tunnels.5.gz installed to /usr/share/man/man5/shorewall-tunnels.5.gz
Man page shorewall-vardir.5.gz installed to /usr/share/man/man5/shorewall-vardir.5.gz
Man page shorewall-zones.5.gz installed to /usr/share/man/man5/shorewall-zones.5.gz
Man page shorewall.8.gz installed to /usr/share/man/man8/shorewall.8.gz
Man page shorewall-init.8.gz installed to /usr/share/man/man8/shorewall-init.8.gz
Man Pages Installed
Logrotate file installed as /etc/logrotate.d/shorewall
shorewall will start automatically in run levels as follows:
Set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf to enable
shorewall      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
shorewall Version 4.4.25.2 Installed

Done!

Setup

Public IP Address Range

If you have multiple public IP addresses, make sure your Internet-facing ethernet device, eth1 in our case, has all of those public IPs assigned to it. Do this by:

  1. Copying ifcfg-eth0 to ifcfg-eth0:x, where x is a number starting at 0, once for each additional public IP in the pool.
  2. In each ifcfg-eth0:x file:
    1. Add :x to DEVICE=eth1, for example DEVICE=eth1:0 in the ifcfg-eth0:0 file.
    2. Change the IP address in the IPADDR= line. For example, 208.67.144.34.
    3. Comment out the GATEWAY= line.

Here is an example showing what an ifcfg-eth0 and its corresponding ifcfg-eth0:0 alias might look like:

vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:16:36:71:84:2F
ONBOOT=yes
IPADDR=192.168.1.253
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
DNS1=192.139.81.117
DNS2=192.139.81.1
vim /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=static
HWADDR=00:16:36:71:84:2F
ONBOOT=yes
IPADDR=206.108.5.129
NETMASK=255.255.255.255

When done, simply restart networking:

/etc/init.d/network restart

Or manually bring up each device with:

ifup eth0:x

Set x to the number of each alias device you are starting. If you are connected over ssh, using ifup is recommended as you are less likely to lose your ssh session.

Configuring Shorewall

All configuration files are in the following directory, unless explicitly defined:

/etc/shorewall

The main Shorewall configuration file, which we will edit last, is /etc/shorewall/shorewall.conf.

The files to edit are listed in the order we will edit them in the following subsections.

zones

This controls the main "zones" used by Shorewall. The fw zone is special in that it defines the firewall itself. The net zone is the Internet-facing network (eth1 on the firewall). The loc zone is the local network, the virtual machine network on eth0.

Add:

vim /etc/shorewall/zones
fw      firewall
net     ipv4
loc     ipv4

So that the 'zones' file looks like:

###############################################################################
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc     ipv4

interfaces

Here you tell Shorewall which network zones are on which interfaces.

Add:

vim /etc/shorewall/interfaces
net     eth1            detect          
loc     eth0            detect          dhcp

So that the interfaces file looks like:

###############################################################################
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth1            detect          
loc     eth0            detect          dhcp

policy

Here you tell Shorewall what the default policy is for each network when receiving new connection requests. You don't need to worry about ESTABLISHED and RELATED connections as Shorewall handles these rules. The choices are:

  • ACCEPT
    • Accept the connection.
  • DROP
    • Ignore the connection request.
  • REJECT
    • Return an appropriate error to the connection request.

You can also set the log level for connection requests that fall off the chain and hit these policies. It's a good idea to log at the info level so you can see twits trying to do "bad things(tm)".

vim /etc/shorewall/policy
# This allows the firewall out onto the Internet
fw      net     ACCEPT
# These are the default policies; All VMs are allowed out to the net, Anything
# from the Internet is DROPed and anything else to anything else is REJECTed
# and logged.
# - Anything from the firewall to the VMs is allowed.
fw      loc     ACCEPT
# - Protect the firewall from compromised servers. 
loc     fw      DROP
# - Let anything from the VMs out onto the Internet.
loc     net     ACCEPT
# - Drop and log anything else.
net     all     DROP            info

So that the policy file looks like:

###############################################################################
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK
# This allows the firewall out onto the Internet
fw      net     ACCEPT
# These are the default policies; All VMs are allowed out to the net, Anything
# from the Internet is DROPed and anything else to anything else is REJECTed
# and logged.
# - Anything from the firewall to the VMs is allowed.
fw      loc     ACCEPT
# - Protect the firewall from compromised servers. 
loc     fw      DROP
# - Let anything from the VMs out onto the Internet.
loc     net     ACCEPT
# - Drop and log anything else.
net     all     DROP            info
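A check on the policy file described above, as an added example that is not part of the original page or of Shorewall. The function name audit_policy, the finding labels and both sample policies are constructed here; it flags a default ACCEPT from net or all, a default ACCEPT into fw, and a denied net policy with no log level.

```shell
#!/bin/sh
# audit_policy [FILE]: print one finding per risky line of a Shorewall policy
# file (reads stdin when no FILE is given). Prints nothing for a clean file.
# Hypothetical helper written for this example, not a Shorewall command.
audit_policy() {
    awk '
        { sub(/#.*/, "") }                 # drop comments, including trailing ones
        NF < 3 { next }                    # blank line or not a policy entry
        {
            src = $1; dst = $2; pol = $3; lvl = $4
            untrusted = (src == "net" || src == "all")
            if (untrusted && pol == "ACCEPT") {
                print "OPEN " src " -> " dst          # default-allow from the Internet
            } else if (src != "fw" && dst == "fw" && pol == "ACCEPT") {
                print "FW-EXPOSED " src " -> " dst    # zone may reach the firewall by default
            } else if (untrusted && (lvl == "" || lvl == "-")) {
                print "NOLOG " src " -> " dst         # denied traffic leaves no log entry
            }
        }
    ' "$@"
}

# Constructed sample: the policy entries from this page.
sample_page_policy() {
cat <<'EOF'
fw      net     ACCEPT
fw      loc     ACCEPT
loc     fw      DROP
loc     net     ACCEPT
net     all     DROP            info
EOF
}

# Constructed sample: a weakened variant, for comparison.
sample_weak_policy() {
cat <<'EOF'
fw      net     ACCEPT
loc     fw      ACCEPT
net     loc     ACCEPT
net     all     DROP
EOF
}

echo "page policy findings:"; sample_page_policy | audit_policy
echo "weak policy findings:"; sample_weak_policy | audit_policy
```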

rules

Here you tell Shorewall what the exceptions are to the default policies. The first rule to match is used. This is really the heart of the firewall.

The example below shows a setup where remote access into the firewall itself is allowed only on port 22869 (a modified SSH port). Two Microsoft Windows servers are then set up. Both servers are internally set to listen for RDP connections on the same default port (3389). To allow for this with just one external IP address, the firewall is told to route incoming connections on port 3394 to the internal machine at IP 192.168.1.11 on port 3393. Likewise, incoming connections on port 3393 will be forwarded to 192.168.1.10:3393. A few other ports are opened for various services as further examples.

Edit rules so that the file looks like:

vim /etc/shorewall/rules
############################################################################################################################################################
#ACTION         SOURCE          DEST                    PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK    CONNLIMIT       TIME
#                                                               PORT    PORT(S)         DEST            LIMIT           GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW

### Rules for data going into the firewall. Consult /etc/services or your local
### search engine for ports and protocols used by your favourite programs.
# Allow SSH connections to the firewall itself.
ACCEPT          net             fw                      tcp     22
# Allow SSH and DHCP requests from the VMs into the firewall.
ACCEPT          loc             fw                      tcp     22
ACCEPT          loc             fw                      udp     67,68

### Forwards using DNAT
## Internet into 'vm0002_c6_ws1' (webserver)
#DNAT           <src>           loc:<ip>:<srv_port>     tcp    <ext_port>
# FTP
DNAT            net             loc:10.0.0.1:20         tcp    20
DNAT            net             loc:10.0.0.1:21         tcp    21
# SMTP
DNAT            net             loc:10.0.0.1:25         tcp    25
# DNS
DNAT            net             loc:10.0.0.1:53         tcp    53
# HTTP
DNAT            net             loc:10.0.0.1:80         tcp    80
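To review what a rules file exposes to the Internet, this added example (not from the original page or the Shorewall project) lists each ACCEPT and DNAT rule whose source is net or all. The function name list_exposed and the output format are assumptions of the example, and the embedded sample is a constructed copy of the rules above.

```shell
#!/bin/sh
# list_exposed [FILE]: print every ACCEPT or DNAT rule whose SOURCE is the net
# zone (or all) as "ACTION proto/port -> DEST", one line per destination port.
# Reads stdin when no FILE is given. Hypothetical helper, not a Shorewall command.
list_exposed() {
    awk '
        { sub(/#.*/, "") }                     # drop comments
        NF < 3 || $1 == "SECTION" { next }     # blank lines and section markers
        $1 ~ /ACCEPT|DNAT/ && ($2 == "net" || $2 == "all" || $2 ~ /^net:/) {
            proto = (NF >= 4) ? $4 : "-"       # macro-style rules may omit PROTO
            n = split((NF >= 5) ? $5 : "-", port, ",")
            for (i = 1; i <= n; i++)
                print $1 " " proto "/" port[i] " -> " $3
        }
    ' "$@"
}

# Constructed copy of the rules shown on this page.
sample_rules() {
cat <<'EOF'
SECTION NEW
# Allow SSH connections to the firewall itself.
ACCEPT          net             fw                      tcp     22
# Allow SSH and DHCP requests from the VMs into the firewall.
ACCEPT          loc             fw                      tcp     22
ACCEPT          loc             fw                      udp     67,68
#DNAT           <src>           loc:<ip>:<srv_port>     tcp    <ext_port>
DNAT            net             loc:10.0.0.1:20         tcp    20
DNAT            net             loc:10.0.0.1:21         tcp    21
DNAT            net             loc:10.0.0.1:25         tcp    25
DNAT            net             loc:10.0.0.1:53         tcp    53
DNAT            net             loc:10.0.0.1:80         tcp    80
EOF
}

# Six Internet-reachable services; the loc -> fw rules are not listed.
sample_rules | list_exposed
```

Run it against /etc/shorewall/rules after each edit and compare the list with the services you intended to publish.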

masq

This is the file that handles masquerading (MASQ) for the virtual machine LAN (the loc zone). Even though there may be several public IP addresses, they are not SNATed to hosts but instead used as a pool of addresses to do Port Forward/DNATing on.

So to enable Internet access from your servers, you need to add a line with the Internet facing interface followed by the subnet that you will be MASQing.

vim /etc/shorewall/masq
eth1                    192.168.1.0/24

So that the 'masq' file looks like:

###############################################################################
#INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK    USER/
#                                                                                       GROUP
eth1                    192.168.1.0/24

shorewall.conf

Once you have the above files in place, you need to enable the firewall.

Edit /etc/shorewall/shorewall.conf and change the following lines:

vim /etc/shorewall/shorewall.conf
STARTUP_ENABLED=No
LOGFILE=/var/log/messages

To:

STARTUP_ENABLED=Yes
LOGFILE=/var/log/shorewall

Starting the Firewall

To start the firewall, simply run:

/etc/init.d/shorewall restart

The firewall should now be running. To see the new rules, simply run:

iptables-save

This will print out the actual firewall rules. You will need some experience with iptables to understand everything they mean, but the general flow should be understandable.

Lastly, make sure the firewall starts on boot by running:

chkconfig shorewall on

 
