# rpm -ivh http://slovakia.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.4/shorewall-4.4.25/shorewall-4.4.25-3.noarch.rpm
Retrieving http://slovakia.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.4/shorewall-4.4.25/shorewall-4.4.25-3.noarch.rpm
warning: /var/tmp/rpm-tmp.qc6WVw: Header V4 DSA/SHA1 Signature, key ID 6c562ac4: NOKEY
Preparing...                ########################################### [100%]
   1:shorewall              ########################################### [100%]

注意:上面的 NOKEY 警告表示 rpm 没有导入 key ID 6c562ac4 对应的公钥,因此这个软件包的签名并没有被校验,而且包是通过明文 HTTP 下载的。生产环境应先导入 Shorewall 官方的签名公钥(rpm --import),用 rpm -K 确认签名校验通过后再安装。
netkiller@shenzhen:~$ apt-cache search shorewall
shorewall - Shoreline Firewall (Shorewall), a high-level tool for configuring Netfilter
shorewall-doc - documentation for Shorewall firewall
shorewall-lite - Shorewall (lite version), a high-level tool for configuring Netfilter
netkiller@shenzhen:~$
install
# Debian/Ubuntu: install Shorewall from the distribution package repository
sudo apt-get install shorewall
Copy the default config files to /etc/shorewall/:
# Seed /etc/shorewall/ with the packaged default configuration files.
# Same files, same destination and same order as copying them one by one.
for f in modules policy nat zones maclist blacklist interfaces rules hosts masq; do
  sudo cp "/usr/share/doc/shorewall/default-config/$f" /etc/shorewall/
done
过程 41.1. shorewall.conf
STARTUP_ENABLED
STARTUP_ENABLED=No
改为
STARTUP_ENABLED=Yes
IP_FORWARDING
IP_FORWARDING 的关闭与开启
IP_FORWARDING=On
IP_FORWARDING=Off
IP_FORWARDING=On
启动防火墙
# Validate the configuration before starting it ("sudo shorewall check"):
# the rules file above references a "net" zone that the zones file does not
# define (it defines fw, outside, inside, dmz), and the "ACCEPT any inside"
# entries appear to open http/ssh on the inside zone to every other zone,
# including outside — confirm that is intended before enabling the firewall.
sudo shorewall start
# cat /etc/shorewall/zones
#
# Shorewall version 4 - Zones File
#
# For information about this file, type "man shorewall-zones"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-zones.html
#
###############################################################################
#ZONE     TYPE       OPTIONS    IN          OUT
#                               OPTIONS     OPTIONS
fw        firewall
outside   wan
inside    lan
dmz       dmz
# cat /etc/shorewall/policy
#
# Shorewall version 4 - Policy File
#
# For information about entries in this file, type "man shorewall-policy"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-policy.html
#
###############################################################################
#SOURCE   DEST      POLICY    LOG     LIMIT:     CONNLIMIT:
#                             LEVEL   BURST      MASK
inside    outside   ACCEPT
dmz       outside   ACCEPT
inside    dmz       ACCEPT
outside   all       DROP
all       all       REJECT
# cat /etc/shorewall/interfaces
#
# Shorewall version 4 - Interfaces File
#
# For information about entries in this file, type "man shorewall-interfaces"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html
#
###############################################################################
#ZONE     INTERFACE   BROADCAST   OPTIONS
outside   eth0        detect
inside    eth1        detect
dmz       eth2        detect
# cat /etc/shorewall/masq
#
# Shorewall version 4 - Masq file
#
# For information about entries in this file, type "man shorewall-masq"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-masq.html
#
###############################################################################
#INTERFACE:DEST   SOURCE           ADDRESS   PROTO   PORT(S)   IPSEC   MARK   USER/
#                                                                             GROUP
eth0              192.168.0.0/24
# cat /etc/shorewall/rules
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
###############################################################################
#ACTION       SOURCE   DEST      PROTO   DEST    SOURCE    ORIGINAL   RATE    USER/   MARK   CONNLIMIT   TIME   HEADERS   SWITCH
#                                        PORT    PORT(S)   DEST       LIMIT   GROUP
#SECTION BLACKLIST
#SECTION ALL
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
ACCEPT        any      outside   tcp     http
ACCEPT        any      inside    tcp     http
ACCEPT        dmz      inside    tcp     smtp
ACCEPT        any      inside    tcp     ssh
ACCEPT        any      dmz       tcp     ssh
ACCEPT        dmz      any       tcp     ssh
SSH(ACCEPT)   net      all       -       -       -         -          s:1/min:3
# cat /etc/shorewall/params
#
# Shorewall version 4 - Params File
#
# /etc/shorewall/params
#
# Assign any variables that you need here.
#
# It is suggested that variable names begin with an upper case letter
# to distinguish them from variables used internally within the
# Shorewall programs
#
# Example:
#
#	NET_IF=eth0
#	NET_BCAST=130.252.100.255
#	NET_OPTIONS=routefilter,norfc1918
#
# Example (/etc/shorewall/interfaces record):
#
#	net	$NET_IF	$NET_BCAST	$NET_OPTIONS
#
# The result will be the same as if the record had been written
#
#	net	eth0	130.252.100.255	routefilter,norfc1918
#
###############################################################################
#LAST LINE -- DO NOT REMOVE
原文出处:Netkiller 系列 手札
本文作者:陈景峯 转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。