SHOREWALL TWO INTERFACE


Setting up a firewall on the local network: the firewall box sits between the LAN and the ISP link, so each Shorewall file below refers to these names.

eth0  = LAN
eth1  = ISP
$FW   = FIREWALL

#
# Shorewall version 4 - Zones File
#
# For information about this file, type "man shorewall-zones"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-zones.html
#
###############################################################################
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
loc     ipv4                            # interface to the LAN (eth0)
net     ipv4                            # interface to the ISP (eth1); referenced by interfaces, policy and rules below
===========================================================================================================
#
# Shorewall version 4 - Interfaces File
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html
#
###############################################################################
#ZONE   INTERFACE       BROADCAST       OPTIONS
# LAN side. The blacklist entry below targets a 192.168.0.x host, so norfc1918
# must not be set on this interface or every LAN packet would be dropped.
loc     eth0            detect          blacklist,tcpflags,nosmurfs,routefilter=1,logmartians=1
# ISP side
net     eth1            detect          blacklist,tcpflags,nosmurfs,routefilter=1,logmartians=1

===========================================================================================================
#
# Shorewall version 4 - Policy File
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-policy.html
#
###############################################################################
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK
$FW     all     ACCEPT  info
loc     $FW     DROP    info
loc     net     DROP    info
net     $FW     DROP    info
net     loc     DROP    info
all     all     DROP    info
===========================================================================================================
#
# Shorewall version 4 - Rules File
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################################
#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK    CONNLIMIT       TIME         HEADERS
#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
#SECTION ESTABLISHED
#SECTION RELATED
#SECTION NEW
ACCEPT:info     loc     $FW     tcp     21,22,25,53,110,143,443,10000
ACCEPT:info     loc     $FW     udp     53
ACCEPT:info     loc     net     tcp     21,22,25,53,110,143,443,10000
ACCEPT:info     loc     net     udp     53
ACCEPT:info     net     $FW     tcp     10000
ACCEPT:info     net     loc     tcp     10000
===========================================================================================================
#
# Shorewall version 4 - Blacklist File
#
# Please see http://shorewall.net/blacklisting_support.htm for additional
# information.
#
###############################################################################
#ADDRESS/SUBNET         PROTOCOL        PORT    OPTIONS
# Applied on every interface that carries the "blacklist" option above:
# this LAN host may not open SSH connections through the firewall.
192.168.0.7             tcp             22
===========================================================================================================
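As an added example (not from this post and not part of Shorewall itself), a small POSIX shell check that cross-references the four files above: every zone named in interfaces, policy or rules must be declared in zones, which is the omission most easily made when copying these snippets. The constructed sample leaves `net` out of zones to show the failure; the real files are assumed to live in one directory such as /etc/shorewall.

```shell
#!/bin/sh
# Added example (not Shorewall's own tooling): cross-check that every zone
# referenced in interfaces, policy and rules is declared in zones.
# "shorewall check" remains the authoritative test; this catches the omission early.

# Zones declared in $1/zones: first column of non-comment lines.
declared_zones() {
    sed 's/#.*//' "$1/zones" | awk 'NF >= 1 { print $1 }'
}

# Zones referenced elsewhere: interfaces col 1, policy cols 1-2, rules cols 2-3.
# "zone:host" qualifiers are reduced to the zone; $FW, all and "-" need no entry.
referenced_zones() {
    {
        sed 's/#.*//' "$1/interfaces" | awk 'NF >= 2 { print $1 }'
        sed 's/#.*//' "$1/policy"     | awk 'NF >= 3 { print $1; print $2 }'
        sed 's/#.*//' "$1/rules"      | awk 'NF >= 3 { print $2; print $3 }'
    } | sed 's/:.*//' | grep -v -e '^all$' -e '^\$FW$' -e '^-$' | sort -u
}

# Returns 0 when every referenced zone is declared, 1 otherwise (missing ones printed).
check_zones() {
    missing=0
    for z in $(referenced_zones "$1"); do
        if ! declared_zones "$1" | grep -qx "$z"; then
            echo "zone '$z' is referenced but not declared in $1/zones"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample in a temp dir, mirroring the post's files with "net"
# left out of zones (assumption: the real files live in /etc/shorewall).
make_sample() {
    d=$(mktemp -d)
    printf 'fw\tfirewall\nloc\tipv4\n' > "$d/zones"
    printf 'loc\teth0\tdetect\tnosmurfs\nnet\teth1\tdetect\tnosmurfs\n' > "$d/interfaces"
    printf '$FW\tall\tACCEPT\tinfo\nloc\tnet\tDROP\tinfo\nall\tall\tDROP\tinfo\n' > "$d/policy"
    printf 'ACCEPT:info\tloc\t$FW\ttcp\t22\nACCEPT:info\tnet\tloc\ttcp\t10000\n' > "$d/rules"
    echo "$d"
}

# Stand-alone run: fails first, passes once "net ipv4" is appended to zones.
dir=$(make_sample)
check_zones "$dir" || echo "--- adding net to zones and re-checking"
printf 'net\tipv4\n' >> "$dir/zones"
check_zones "$dir" && echo "zones file is consistent"
```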

shisdew
