mirroir readonly du Gitit wiki.evolix.org (attention, ne rien commiter/merger sur ce dépôt) https://wiki.evolix.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2.2 KiB

Cette page a été importée automatiquement de notre ancien wiki mais n’a pas encore été révisée.

Howto Shorewall

Ajouter une autorisation se fait dans le fichier /etc/shorewall/rules

Pour relancer le firewall :

# shorewall safe-restart
Compiling...
Initializing...
Determining Zones...
   IPv4 Zones: net
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
   net Zone: eth0:0.0.0.0/0
Deleting user chains...
Compiling /etc/shorewall/routestopped ...
Creating Interface Chains...
Compiling Common Rules
Adding Anti-smurf Rules
Adding rules for DHCP
Enabling RFC1918 Filtering
Compiling TCP Flags checking...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/rules...
Compiling Actions...
Compiling /usr/share/shorewall/action.Drop for Chain Drop...
Compiling /usr/share/shorewall/action.Reject for Chain Reject...
Compiling /etc/shorewall/policy...
Compiling Traffic Control Rules...
Compiling Rule Activation...
Compiling IP Forwarding...
Shorewall configuration compiled to /var/lib/shorewall/.restart
   Dynamic Rules Saved
   Currently-running Configuration Saved to /var/lib/shorewall/.safe
Restarting...
Restarting Shorewall....
Initializing...
Clearing Traffic Control/QOS
Deleting user chains...
Enabling Loopback and DNS Lookups
Setting up dynamic rules...
Creating Interface Chains...
Setting up SMURF control...
Setting up Black List...
Adding Anti-smurf Jumps...
Setting up rules for DHCP...
Setting up RFC1918 Filtering...
Setting up TCP Flags checking...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up SYN Flood Protection...
Setting up Rules...
Setting up Actions...
Creating action chain Drop
Creating action chain Reject
Creating action chain dropBcast
Creating action chain dropInvalid
Creating action chain dropNotSyn
Applying Policies...
Activating Rules...
IP Forwarding Enabled
done.
Do you want to accept the new firewall configuration? [y/n] y
New configuration has been accepted