SHOREWALL


Shorewall is a Linux firewall tool whose core is iptables. It makes it easy for a sysadmin to set up a firewall to suit their needs.

# cd /home/installer/
# wget http://slovakia.shorewall.net/pub/shorewall/4.4/shorewall-4.4.21/shorewall-4.4.21-0base.noarch.rpm
# rpm -ivh shorewall-4.4.21-0base.noarch.rpm
# cd /etc/shorewall/
# vim /etc/shorewall/shorewall.conf

STARTUP_ENABLED=Yes
CLAMPMSS=Yes

The basic parameters that need to be configured are (in this order):

  1. zones
  2. interfaces
  3. policy
  4. rules
zones

$FW     firewall  -> the firewall itself
loc     ipv4      -> interface to the local LAN
net     ipv4      -> interface to the ISP

interfaces

loc     eth0    tcpflags,nosmurfs
net     eth1    tcpflags,nosmurfs

Options (other interface options that can be used):

dhcp,blacklist,logmartians=1,nets=(!$LOC_SUBNET),nosmurfs,routefilter=1,tcpflags
dhcp,nets=($LOC_SUBNET)

policy


$FW     all     ACCEPT    (this is the most important line to get right)  or it can be replaced with  ($FW      loc     ACCEPT     &  $FW     net      ACCEPT)
loc        $FW     DROP    info
loc        net        DROP    info
net       $FW      DROP    info
net       loc         DROP    info
all        all          DROP     info

Options: $LOG

rules
ACCEPT     loc     $FW     tcp     21,22,25,53,80,110,143,443
ACCEPT     loc     $FW     udp     53
ACCEPT     loc     net     tcp     21,22,25,53,80,110,143,443
ACCEPT     loc     net     udp     53

Other formats:

DNAT     net                     loc:192.168.221.5:443    tcp     443
ACCEPT          fw                      net                     tcp     80
REDIRECT        loc:!192.168.221.200    3128                    tcp     80      -       !192.168.221.254,192.168.221.4
ACCEPT          loc:192.168.221.200     net                     tcp     80
ACCEPT:$LOG     net                     fw                      tcp     22                      # SSH
ACCEPT          net                     fw                      icmp    8  # Ping

ACCEPT:info     loc                     fw                      tcp     22                      # SSH
/etc/init.d/shorewall restart
iptables -nL
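Shorewall validates a configuration with `shorewall check` before you restart it; the Python script below is an added example (not from the post) that does a lighter offline lint of the post's rules and policy tables, using the post's zone names and a constructed copy of its rules table as input, and flags misspelled actions such as ACCPET, unknown zone names, and a policy table without an `all all` catch-all.

```python
# Added example (not from the post): lint Shorewall 'policy' and 'rules' tables
# for typos such as ACCPET and for a policy table with no 'all all' catch-all.
KNOWN_ACTIONS = {"ACCEPT", "DROP", "REJECT", "DNAT", "REDIRECT", "LOG", "CONTINUE"}
KNOWN_POLICIES = {"ACCEPT", "DROP", "REJECT", "CONTINUE", "NONE"}
ZONES = {"fw", "loc", "net"}          # the post's zones; $FW is an alias for fw

# Constructed sample: the post's rules, with the ACCPET typo left in on purpose.
SAMPLE_RULES = """\
ACCEPT       loc                   $FW   tcp  21,22,25,53,80,110,143,443
ACCPET       loc                   net   udp  53
REDIRECT     loc:!192.168.221.200  3128  tcp  80  -  !192.168.221.254,192.168.221.4
ACCEPT:info  loc                   fw    tcp  22   # SSH
"""

def _rows(text):
    # Fields of each non-empty, non-comment line; short lines are padded with
    # "-" so they are reported as bad columns instead of crashing the checker.
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield fields + ["-"] * (3 - len(fields))

def _bad_zones(fields, zones):
    # 'loc:192.168.221.200' -> 'loc'; '$FW' names the firewall zone 'fw'.
    names = [f.split(":", 1)[0].replace("$FW", "fw") for f in fields]
    return [f"unknown zone '{n}'" for n in names if n not in zones | {"all"}]

def check_policy(text, zones=ZONES):
    """Return the problems found in a policy table (empty list means OK)."""
    problems, catch_all = [], False
    for fields in _rows(text):
        src, dst, pol = fields[:3]
        problems += _bad_zones((src, dst), zones)
        if pol.upper() not in KNOWN_POLICIES:
            problems.append(f"unknown policy '{pol}'")
        catch_all = catch_all or src == dst == "all"
    if not catch_all:
        problems.append("no 'all all' catch-all policy")
    return problems

def check_rules(text, zones=ZONES):
    """Return the problems found in a rules table (empty list means OK)."""
    problems = []
    for fields in _rows(text):
        action = fields[0].split(":", 1)[0].upper()   # drop log level (ACCEPT:info)
        if action not in KNOWN_ACTIONS:
            problems.append(f"unknown action '{fields[0]}'")
        # REDIRECT's DEST column is a local port, not a zone, so check SOURCE only
        problems += _bad_zones(fields[1:2] if action == "REDIRECT" else fields[1:3], zones)
    return problems
```

Running `check_rules(SAMPLE_RULES)` reports only the ACCPET line; once that is corrected the table passes and the restart above can proceed.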