Protect your slice

Shorewall (Shorewall MAN pages) is an easy-to-deploy firewall for Linux. Below are the steps to set it up on your server. Good references and further reading at this, this and this forum thread.

Install shorewall

apt-get install shorewall shorewall-common

Change directory

cd /etc/shorewall

Copy the example files for one-interface for editing

sudo cp /usr/share/doc/shorewall-common/examples/one-interface/* .

Edit the rules file

nano rules

Add the lines below before the end of the file

ACCEPT net fw tcp 9315
ACCEPT net fw tcp 80

Edit the shorewall.conf file to make Shorewall start on boot

nano /etc/shorewall/shorewall.conf

Change the STARTUP_ENABLED line to

STARTUP_ENABLED=Yes

Now edit the file /etc/default/shorewall

Look for the “startup” parameter and change it from 0 to 1. The default of 0 is there to prevent startup with the default configuration.

Lastly, run a check on the configuration

shorewall check

You should see shorewall configuration verified at the end.

Last step: start Shorewall

invoke-rc.d shorewall start

You should see

Starting "Shorewall firewall": done.

If you want to check the logs, they are saved at /var/log/shorewall-init.log

You could also output your configuration with iptables -L; I have yet to learn how to read it, though.

A lot of people use nmap to scan ports to ensure security.
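
As an added example (not from the original post or the Shorewall project), this shell script lists which ports a rules file accepts from net to the firewall, giving you an expected result to compare against iptables -L or a port scan of your own server. The function names and the sample file are constructed for illustration; only the 9315 and 80 lines come from the steps above.

```shell
#!/bin/sh
# Added example: list what a Shorewall rules file accepts from zone "net" to
# the firewall zone. Rule columns: ACTION SOURCE DEST PROTO DPORT
# Only SOURCE exactly "net" is counted; net:192.0.2.10 style sources are skipped.

open_ports() {   # usage: open_ports RULES_FILE  -> one "proto/port" per line
    awk '
        { sub(/#.*/, "") }                       # strip comments
        NF < 3 || $2 != "net" { next }           # blank, SECTION, other zones
        $3 != "fw" && $3 != "$FW" { next }       # firewall zone, either spelling
        {
            action = $1
            sub(/:.*/, "", action)               # drop a log level (ACCEPT:info)
            if (action == "ACCEPT" && NF >= 5) {
                n = split($5, ports, ",")        # DPORT may be a comma list
                for (i = 1; i <= n; i++) print tolower($4) "/" ports[i]
            } else if (action ~ "^[A-Za-z0-9_]+([(]ACCEPT[)]|/ACCEPT)$") {
                sub("[(/].*", "", action)        # macro form, e.g. SSH(ACCEPT)
                print "macro/" action
            }
        }
    ' "$1" | LC_ALL=C sort -u
}

missing_ports() {   # usage: missing_ports RULES_FILE proto/port...
    file=$1; shift; rc=0
    opened=$(open_ports "$file")
    for want in "$@"; do
        printf '%s\n' "$opened" | grep -qxF -- "$want" || { echo "$want"; rc=1; }
    done
    return "$rc"    # non-zero when at least one wanted port is not accepted
}

sample_rules() {    # constructed sample; the two plain tcp lines are from the post
    cat <<'EOF'
SECTION NEW
Ping(DROP)    net   $FW
ACCEPT        $FW   net   icmp
ACCEPT net fw tcp 9315
ACCEPT net fw tcp 80
ACCEPT:info   net   $FW   tcp   8080,8443    # hypothetical extra rule
SSH(ACCEPT)   net:192.0.2.10   $FW           # host-restricted, not counted
EOF
}

rules=${1:-}        # pass /etc/shorewall/rules, or run with no argument for the sample
[ -n "$rules" ] || { rules=$(mktemp); sample_rules > "$rules"; }
open_ports "$rules"
missing_ports "$rules" tcp/80 tcp/9315 tcp/22 || echo "^ not accepted from net"
```

Run it against /etc/shorewall/rules before starting Shorewall on a remote server to confirm that the port you log in on is among the accepted ones.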
