On Tue, 2004-11-02 at 23:53 -0500, Phil Schaffner wrote:
> Well, checked out shorewall and it does indeed seem powerful and
> thoroughly documented, but is overkill for my little home network
> requirements, plus must admit to having gotten used to the Firestarter
> cute GUI - a tough admission from an old command-line guy.

You are more than welcome to keep Firestarter. No one tool is suitable
for all tasks. However, should you desire to attempt Shorewall, let me
offer (from memory, so not 100% guaranteed!) a quick-quick-start:

1. Create a "net" and a "loc" zone in zones file. Probably already
   there, not much to do. If not there, format is "net Net Internet"
   and "loc Local Local Zone".

2. Write "eth0 net" and "eth1 loc" lines in interfaces file. Check that
   eth0 is actually your outside interface, adjust to needs. For
   reference, since my Internet access (external) interface gets its
   address via DHCP, mine actually say:

       net     eth0    detect    blacklist,dhcp
       loc     eth1    detect

3. Check that "loc net ACCEPT" is in policy file if you want your local
   network unrestricted access to the Net (most common).

4. Add rules like "AllowSSH net fw" into the rules file.

5. Add "eth1" (your local interface) to the routestopped file.

6. If you want the local network on eth1 to access the Internet via
   eth0 using masquerading, add "eth0 eth1" to the masq file.

7. Remove the startup_disabled file.

8. /sbin/chkconfig shorewall on

9. /sbin/service shorewall start

That, and a little judicious reading of the docs inside each file,
should have you up and running in less than 100 seconds if I haven't
made any grievous mistakes. But even if I have, it's a good start to
show what needs to be done to get the average home firewall up and
running with Shorewall.

Cheers,

-- 
Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>
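A small checker for the nine-step checklist in the reply above, added here as an illustration (it is not from the original mail and not part of the Shorewall project). It assumes the classic one-entry-per-line Shorewall files and the zone-first "net eth0 detect ..." interfaces layout quoted in the reply; the external and internal interface names are arguments so they can differ from eth0/eth1.

```shell
#!/bin/sh
# Sanity-check a Shorewall config directory against the quick-start
# checklist above. Added illustration, not Shorewall's own tooling.
# Assumes classic one-entry-per-line files and the zone-first
# "net eth0 detect ..." interfaces layout quoted in the reply.

SW_MISSING=0

# Print a config file with comments and blank lines stripped.
sw_entries() {
    [ -f "$1" ] || return 0
    sed -e 's/#.*//' "$1" | grep -v '^[[:space:]]*$'
}

# Record one missing checklist item.
sw_fail() {
    echo "MISSING: $1"
    SW_MISSING=$((SW_MISSING + 1))
}

# shorewall_checklist DIR [EXT_IF] [INT_IF]
# Returns 0 when every item is present, else the number of missing items.
shorewall_checklist() {
    dir=$1; ext=${2:-eth0}; int=${3:-eth1}; SW_MISSING=0
    sw_entries "$dir/zones" | grep -E -q '^net[[:space:]]' \
        || sw_fail "net zone in $dir/zones"
    sw_entries "$dir/zones" | grep -E -q '^loc[[:space:]]' \
        || sw_fail "loc zone in $dir/zones"
    sw_entries "$dir/interfaces" | grep -E -q "^net[[:space:]]+$ext([[:space:]]|$)" \
        || sw_fail "net $ext in $dir/interfaces"
    sw_entries "$dir/interfaces" | grep -E -q "^loc[[:space:]]+$int([[:space:]]|$)" \
        || sw_fail "loc $int in $dir/interfaces"
    sw_entries "$dir/policy" | grep -E -q '^loc[[:space:]]+net[[:space:]]+ACCEPT' \
        || sw_fail "loc net ACCEPT in $dir/policy"
    sw_entries "$dir/rules" | grep -q '[^[:space:]]' \
        || sw_fail "at least one entry in $dir/rules"
    sw_entries "$dir/routestopped" | grep -E -q "^$int([[:space:]]|$)" \
        || sw_fail "$int in $dir/routestopped"
    sw_entries "$dir/masq" | grep -E -q "^$ext[[:space:]]+$int([[:space:]]|$)" \
        || sw_fail "$ext $int in $dir/masq (needed for masquerading)"
    [ ! -e "$dir/startup_disabled" ] \
        || sw_fail "$dir/startup_disabled still present; remove it"
    return $SW_MISSING
}

# Run directly: shorewall_checklist /etc/shorewall eth0 eth1
if [ $# -gt 0 ]; then shorewall_checklist "$@"; fi
```

Run it before `service shorewall start`; a non-zero exit and a MISSING line per item tell you which step of the checklist was skipped.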