====== Shorewall ======

===== Installation =====

Exemples de fichiers dans ''/usr/share/shorewall/configfiles/''. 2 versions des fichiers, 1 en ''.annotated''.

<code>
$ cat /etc/shorewall/interfaces 
#
# Shorewall -- /etc/shorewall/interfaces
#
# For information about entries in this file, type "man shorewall-interfaces"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html
#
?FORMAT 2
###############################################################################
#ZONE		INTERFACE		OPTIONS

net eth0 dhcp,tcpflags,logmartians,nosmurfs
lan eth1
</code>

<code>
$ cat /etc/shorewall/zones 
# Shorewall -- /etc/shorewall/zones
#
# For information about this file, type "man shorewall-zones"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-zones.html
#
###############################################################################
#ZONE		TYPE		OPTIONS		IN_OPTIONS	OUT_OPTIONS

fw		firewall
net	ipv4
lan	ipv4
</code>

<code>
$ cat /etc/shorewall/policy 
#
# Shorewall -- /etc/shorewall/policy
#
# For information about entries in this file, type "man shorewall-policy"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-policy.html
#
###############################################################################
#SOURCE		DEST		POLICY	LOGLEVEL	RATE	CONNLIMIT

$FW		net		ACCEPT
net		all		DROP	info
lan		all		ACCEPT	info
# The FOLLOWING POLICY MUST BE LAST
all		all		REJECT	info
</code>

<code>
$ cat /etc/shorewall/rules 
#
# Shorewall -- /etc/shorewall/rules
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
##############################################################################################################################################################
#ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER

?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW

ACCEPT	net	$FW	icmp	8
ACCEPT	net	$FW	tcp	22
ACCEPT	net	$FW	tcp	80
ACCEPT	net	$FW	tcp	443
</code>