[Shorewall-newbies] simple firewall setup

linuxg33k linuxg33k at shaw.ca
Sat Dec 27 15:39:00 PST 2003


Hi.

I have read all the documentation on the Shorewall website, newsgroups, 
googled every piece of information that I could on the following and 
asked on IRC about possible solutions.

The problem is that all the documentation assumes that Shorewall is 
being used in a firewall/router scenario, and all the configuration 
files seem to be geared toward setting up zones on various interfaces 
and routing between them as the primary focus. Everything is 
overshooting my needs - all the information so far stipulates setting 
up multiple network cards, multiple zones, multiple definitions of 
zones, assigning zones to network interfaces and routing between those.

I have an off-the-shelf Netgear firewall/router and 3 Linux machines 
behind it; one of the boxes will be a backup server that should only 
talk to the other two and nothing more - KISS principle, I guess. All I 
am interested in is using Shorewall on an internal network to send and 
receive all traffic on an internal IP range of something like 
192.168.0.2/192.168.0.50 on eth0, and perhaps add port blocking to 
reduce access even further.

*How do I simply tell Shorewall to accept all traffic from an IP range of 
192.168.0.2/192.168.0.5 on eth0? Are there any examples of this with 
port filtering as well?*

I have tried setting up zones, setting up hosts, setting up policies, 
defining interfaces, blacklists, but nothing really jumps out as to how 
to set up a simple personal firewall.

Any tips would be greatly appreciated.  


- Rob


