Here are the steps I used to configure a simple Shorewall firewall on Ubuntu Lucid (10.04). The firewall provides SSH and webserver access only; all other ports are blocked.
-
Install the Shorewall firewall. Version 4.4.x was available on Lucid at the time of writing.
sudo apt-get install shorewall
-
Back up the original configuration, just in case.
sudo cp -p /etc/shorewall/shorewall.conf /etc/shorewall/shorewall.conf.orig
-
Copy the provided configuration for a single-interface machine.
sudo cp -p /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
-
Add rules to allow SSH and web access.
sudo nano /etc/shorewall/rules
Changes:
SSH(ACCEPT) net $FW
Web(ACCEPT) net $FW
-
Edit the Shorewall config to allow the firewall to start.
sudo nano /etc/shorewall/shorewall.conf
Changes: STARTUP_ENABLED=Yes
-
Edit Ubuntu's Shorewall config to allow the firewall to start.
sudo nano /etc/default/shorewall
Changes: startup=1 (no spaces around the equals sign; the init script reads this file as shell)
-
Start the firewall.
sudo /etc/init.d/shorewall start
-
Observe the new rules.
sudo /sbin/iptables -L
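As an added example (not part of the original post), this shell function audits the three edits from the steps above and flags any inbound ACCEPT rule other than SSH and Web. The function name `audit_shorewall` and the demo files are constructed for illustration; it assumes the zone names `net` and `$FW` used in the one-interface example.

```shell
#!/bin/sh
# Audit the three edits from the steps above before starting Shorewall.
# Assumes zone names "net" and "$FW" as in the one-interface example.
# Returns the number of failed checks (0 = ready to start).
audit_shorewall() {
    conf_dir=${1:-/etc/shorewall}
    defaults=${2:-/etc/default/shorewall}
    failures=0

    if ! grep -Eq '^STARTUP_ENABLED=Yes([[:space:]]|$)' "$conf_dir/shorewall.conf"; then
        echo "FAIL: STARTUP_ENABLED=Yes not set in $conf_dir/shorewall.conf"
        failures=$((failures + 1))
    fi
    # Sourced as shell by the init script, so "startup = 1" does not count.
    if ! grep -Eq '^startup=1([[:space:]]|$)' "$defaults"; then
        echo "FAIL: startup=1 not set in $defaults"
        failures=$((failures + 1))
    fi
    # Both macros from the page must be present ...
    for macro in 'SSH(ACCEPT)' 'Web(ACCEPT)'; do
        if ! awk -v m="$macro" '$1 == m && $2 == "net" && $3 == "$FW" { ok = 1 }
                END { exit !ok }' "$conf_dir/rules"; then
            echo "FAIL: missing rule: $macro net \$FW"
            failures=$((failures + 1))
        fi
    done
    # ... and nothing else may ACCEPT traffic from net to the firewall.
    extra=$(awk '/^[[:space:]]*(#|$)/ { next }
        $1 ~ /ACCEPT/ && $1 != "SSH(ACCEPT)" && $1 != "Web(ACCEPT)" &&
        $2 ~ /^net(:|$)/ && $3 ~ /^\$FW(:|$)/ { print "  line " NR ": " $0 }' "$conf_dir/rules")
    if [ -n "$extra" ]; then
        echo "FAIL: unexpected inbound ACCEPT rules:"
        echo "$extra"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Demo on constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf 'STARTUP_ENABLED=Yes\n' > "$demo/shorewall.conf"
printf 'startup = 1\n' > "$demo/default"
printf '%s\n' 'SSH(ACCEPT) net $FW' 'Web(ACCEPT) net $FW' \
    'ACCEPT net $FW tcp 3306' > "$demo/rules"
audit_shorewall "$demo" "$demo/default" || echo "failed checks: $?"
rm -rf "$demo"
```

Called with no arguments, the function reads /etc/shorewall and /etc/default/shorewall. Shorewall's own `shorewall check` command additionally validates the configuration syntax without applying it.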
More information:
- Standalone Firewall on Shorewall site
- Installing Shorewall Firewall In Ubuntu/Debian