Wednesday, June 14, 2006

Installing the Shorewall firewall on a Debian stable server
(no local private network; this is just a hosting server with a single eth0 connection to the Internet)

apt-get install shorewall

# vi /etc/default/shorewall

Now simply change

startup=0

to

startup=1

(no spaces around the = sign, since the file is read as shell variable assignments), then save and exit.
vi /etc/shorewall/zones

#ZONE DISPLAY COMMENTS
net Net Internet


vi /etc/shorewall/interfaces
net eth0 detect routefilter,norfc1918,logmartians,nosmurfs,tcpflags,blacklist


vi /etc/shorewall/policy
fw net ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info

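vi /etc/shorewall/rules
#ACTION SOURCE DEST PROTO DEST-PORT
ACCEPT net fw icmp 8
ACCEPT fw net icmp
# several ports in one column are separated by commas, not spaces
ACCEPT net fw tcp ssh,www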

Recheck the configuration files:
cat /etc/shorewall/rules
cat /etc/shorewall/policy
cat /etc/shorewall/interfaces

shorewall check

Then try to log in with ssh from outside,
then scan yourself with the nmap scanner (from an outside site):
nmap -v -sS 192.x.x.x
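
Added example, not part of the original post: Shorewall splits each rules line into whitespace-separated columns, so a port list has to be joined with commas, and a port written after a space lands in the SOURCE PORT column instead. The function name explain_rules, the WARN marker and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): show how a Shorewall rules line
# is split into columns. Column order in the rules file:
#   ACTION  SOURCE  DEST  PROTO  DEST-PORT(S)  SOURCE-PORT(S)
# For icmp the DEST-PORT column holds the ICMP type (8 = echo request).

# explain_rules FILE: print one summary line per rule and append a WARN marker
# when the SOURCE-PORT column is set, which on an inbound service rule is
# usually a port list that was split with a space instead of a comma.
# (The WARN heuristic is an assumption of this example, not a Shorewall feature.)
explain_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comment and blank lines
        {
            sub(/[ \t]*#.*$/, "")              # drop trailing comment; fields are re-split
            proto = ($4 == "" || $4 == "-") ? "all" : $4
            dport = ($5 == "" || $5 == "-") ? "any" : $5
            sport = ($6 == "" || $6 == "-") ? "any" : $6
            line = sprintf("%s %s->%s proto=%s dport=%s sport=%s", $1, $2, $3, proto, dport, sport)
            if (sport != "any") line = line " WARN:source-port-set"
            print line
        }' "$1"
}

# Constructed sample input: the same rule written with a space and with a comma.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT
ACCEPT net fw icmp 8
ACCEPT net fw tcp ssh www
ACCEPT net fw tcp ssh,www
EOF

explain_rules "$sample"
```

Run it against /etc/shorewall/rules before "shorewall check": a rule flagged with WARN only matches connections coming from that source port, so ordinary ssh and web clients would be dropped by the net policy.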



