Shorewall is an open-source firewall tool for Linux that builds upon the Netfilter system built into the Linux kernel.

Step1. Install package

yum install shorewall

Step2. Configure the zones file

vi /etc/shorewall/zones
 
Add the following entries:
 fw      firewall
 wan     ipv4                            
 lan     ipv4

Step3. Configure the interfaces file

vi /etc/shorewall/interfaces
 
Add the following entries:
 wan     eth0         routefilter,blacklist,tcpflags,logmartians,nosmurfs
 lan     eth1

Step4. Configure the policy file

vi /etc/shorewall/policy
 
Add the following entries:
 lan     all     ACCEPT
 $FW     all     ACCEPT
 wan     all     DROP    info
 
Note: This catch-all policy must be the last entry in the file
 all     all     REJECT  info

Step5. Configure the rules file

Note: In the rules file you can allow access to application servers such as FTP, HTTP, HTTPS and many more, using the macros defined under /usr/share/shorewall. For example, to view the Ping macro:

cat /usr/share/shorewall/macro.Ping

Step6. Configure the shorewall.conf file

vi /etc/shorewall/shorewall.conf

Set the following entry:
 STARTUP_ENABLED=Yes

Step7. Check the configuration

shorewall check

Step8. Start/stop/restart the service

service shorewall start
service shorewall stop
service shorewall restart
service shorewall status

Step9. List the firewall rules

shorewall show
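
The Step4 note about the catch-all policy matters because Shorewall matches policy entries from top to bottom. The script below is an added example, not part of the original page or of Shorewall: it lints a policy file for entries placed after the all->all line and for an ACCEPT default on the internet-facing zone. The function name policy_lint is hypothetical, and the zone name wan is taken from Step2.

```shell
#!/bin/sh
# Added example (not Shorewall code). policy_lint FILE [WAN_ZONE]
# prints one line per finding and returns 1 if anything was found.
policy_lint() {
    awk -v wan="${2:-wan}" '
        BEGIN { bad = 0; catchall = 0 }
        { sub(/#.*/, "") }          # drop comments
        NF < 3 { next }             # skip blank or incomplete lines
        {
            src = $1; dst = $2; pol = toupper($3)
            # Policies are matched top-down: an entry placed after the
            # all->all catch-all can never be selected.
            if (catchall) {
                printf "line %d: %s->%s %s follows the catch-all and is never used\n", NR, src, dst, pol
                bad = 1
            }
            if (src == "all" && dst == "all") catchall = 1
            # The internet-facing zone should not default to ACCEPT.
            if (src == wan && pol == "ACCEPT") {
                printf "line %d: %s->%s defaults to ACCEPT\n", NR, src, dst
                bad = 1
            }
        }
        END {
            if (!catchall) { print "no all->all catch-all policy found"; bad = 1 }
            exit bad
        }
    ' "${1:--}"
}

# Constructed sample: the Step4 policy with the catch-all moved up by mistake.
policy_lint - <<'EOF' || echo "fix the policy file before running: shorewall check"
lan     all     ACCEPT
$FW     all     ACCEPT
all     all     REJECT  info
wan     all     DROP    info
EOF
```

On a configured host, run it as policy_lint /etc/shorewall/policy before Step7.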
