Monday, October 17, 2011

Simple Shorewall config on Ubuntu server

Here are the steps I used to configure a simple Shorewall firewall on Ubuntu Lucid (10.04). The firewall provides SSH and webserver access only; all other ports are blocked.

  1. Install the Shorewall firewall. Version 4.4.x was available on Lucid at the time of writing.
    sudo apt-get install shorewall
  2. Back up the original configuration, just in case.
    sudo cp -p /etc/shorewall/shorewall.conf /etc/shorewall/shorewall.conf.orig
  3. Copy the provided configuration for a single-interface machine.
    sudo cp -p /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
  4. Add rules to allow SSH and web access.
    sudo nano /etc/shorewall/rules
    Changes:
    SSH(ACCEPT)     net             $FW
    Web(ACCEPT)     net             $FW
    
  5. Edit Shorewall config to allow the firewall to start.
    sudo nano /etc/shorewall/shorewall.conf
    Changes:
    STARTUP_ENABLED=Yes
    
  6. Edit Ubuntu's Shorewall config to allow the firewall to start.
    sudo nano /etc/default/shorewall
    Changes:
    startup=1
    
  7. Start the firewall.
    sudo /etc/init.d/shorewall start
  8. Observe the new rules.
    sudo /sbin/iptables -L
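
Before step 7 it is worth confirming that the three edits from steps 4-6 are really in place, since starting the firewall over SSH without the SSH rule locks you out. The function below is an added example, not part of Shorewall or the original post; the name `preflight` and its two arguments are my own.

```shell
#!/bin/sh
# Added example: pre-flight check of the edits from steps 4-6.
# Usage: preflight SHOREWALL_DIR DEFAULTS_FILE
# Prints each problem found; the return status is the number of problems.
preflight() {
    etc=$1
    defaults=$2
    problems=0

    # Step 4: both macros need an uncommented "net -> $FW" ACCEPT rule.
    # Without the SSH one, starting the firewall cuts off remote access.
    for macro in SSH Web; do
        pattern='^[[:space:]]*'"$macro"'\(ACCEPT\)[[:space:]]+net[[:space:]]+\$FW([[:space:]]|$)'
        if ! grep -Eq "$pattern" "$etc/rules" 2>/dev/null; then
            echo "rules: no active ${macro}(ACCEPT) net \$FW rule"
            problems=$((problems + 1))
        fi
    done

    # Step 5: Shorewall refuses to start unless this is enabled.
    if ! grep -Eiq '^STARTUP_ENABLED=yes' "$etc/shorewall.conf" 2>/dev/null; then
        echo "shorewall.conf: STARTUP_ENABLED is not Yes"
        problems=$((problems + 1))
    fi

    # Step 6: this file holds shell-style assignments, so "startup = 1"
    # (with spaces) does not set the variable.
    if ! grep -Eq '^startup=1([[:space:]]|$)' "$defaults" 2>/dev/null; then
        echo "$defaults: startup=1 not set (no spaces around '=')"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Run as root on the server: `preflight /etc/shorewall /etc/default/shorewall && shorewall check`. The second command has Shorewall validate the configuration without applying it.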

More information:
