I'm following the document; <http://flurdy.com/docs/postfix/>, and

SSH only
By default Shorewall in Ubuntu has an empty set up. You can find the
default values for Shorewall in
/usr/share/doc/shorewall-common/default-config. And examples in
/usr/share/doc/shorewall-common/examples. We will create a basic set up.
First configure which network adapters we use to access the net.

    cp /usr/share/doc/shorewall-common/default-config/interfaces /etc/shorewall/
    vi /etc/shorewall/interfaces

    net eth0 detect dhcp,tcpflags,logmartians,nosmurfs

Then we will configure network zones.

    cp /usr/share/doc/shorewall-common/default-config/zones /etc/shorewall/
    vi /etc/shorewall/zones

Add the firewall if not there and the internet as a zone.

    fw firewall
    # loc ipv4
    net ipv4

Then if you need to specify hosts you can do it in this file. E.g. if you
want to specify what your home IP is etc.

    cp /usr/share/doc/shorewall-common/default-config/hosts /etc/shorewall/
    vi /etc/shorewall/hosts

    # loc eth0:192.168.0.0/24

Then set what is the default policy for firewall access.

    cp /usr/share/doc/shorewall-common/default-config/policy /etc/shorewall/
    vi /etc/shorewall/policy

    $FW net ACCEPT
    net $FW DROP info
    net all DROP info
    # The FOLLOWING POLICY MUST BE LAST
    all all REJECT info

For safety in case it goes down.

    cp /usr/share/doc/shorewall-common/default-config/routestopped /etc/shorewall/
    vi /etc/shorewall/routestopped

    eth0 0.0.0.0 routeback

You may put in a netmask of your ip range if you are more concerned.

Now for the main firewall rules. You can find predetermined macro rules
for Shorewall in /usr/share/shorewall.

    cp /usr/share/doc/shorewall-common/default-config/rules /etc/shorewall/
    vi /etc/shorewall/rules

    SSH/ACCEPT net $FW

Open for business
Once your server is working come back to this step and open up SMTP and
Web access to others.

    vi /etc/shorewall/rules

    Ping/ACCEPT net $FW
    # Permit all ICMP traffic FROM the firewall TO the net zone
    ACCEPT $FW net icmp
    # mail lines
    SMTP/ACCEPT net $FW
    SMTPS/ACCEPT net $FW
    Submission/ACCEPT net $FW
    IMAP/ACCEPT net $FW
    IMAPS/ACCEPT net $FW
    #web
    Web/ACCEPT net $FW

I get finished with the "Open For Business" section, and I run the command;
sudo shorewall check
and I'm getting this error message;
Validating Policy File....
ERROR: undefined zone ]
I'm not sitting in front of that machine, so I'm transcribing the error
message.
I've double and triple checked all previous edits, and they all appear
to be correct.
Any other pointers that would help out.
--
Rodney D. Myers <[email protected]>
ICQ#: AIM#: YAHOO:
18002350 mailman452 mailman42_5
They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety.
Ben Franklin - 1759
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
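
One way to find which line of a policy file names a zone that the zones file does not define, the condition `shorewall check` reports as "undefined zone". This is an added example, not part of the original post or of Shorewall: the function names are hypothetical, the sample file contents are constructed from the listing in the post, and the parser assumes plain whitespace-separated columns with no continuation lines or `?` directives.

```python
# Added example: sample file contents are constructed, function names are hypothetical.

ZONES = """\
fw firewall
# loc ipv4
net ipv4
"""

# Constructed damage: a stray "]" left on its own line, and a policy that
# names "loc" although that zone is commented out in ZONES.
POLICY_DAMAGED = """\
$FW net ACCEPT
net $FW DROP info
]
net loc DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
"""

def fields_of(line):
    """Drop a trailing '#' comment and split the rest into columns."""
    return line.split("#", 1)[0].split()

def defined_zones(zones_text):
    """Names usable in policy: declared zones, 'all', and $FW if a firewall zone exists."""
    zones = {"all"}
    for line in zones_text.splitlines():
        cols = fields_of(line)
        if not cols:
            continue
        zones.add(cols[0].split(":")[0])  # "child:parent" declares zone "child"
        if len(cols) > 1 and cols[1] == "firewall":
            zones.add("$FW")
    return zones

def undefined_policy_zones(zones_text, policy_text):
    """Return (line number, column, token) for each SOURCE/DEST that is not a known zone."""
    zones = defined_zones(zones_text)
    return [(no, col, tok)
            for no, line in enumerate(policy_text.splitlines(), 1)
            for col, tok in zip(("SOURCE", "DEST"), fields_of(line)[:2])
            if tok not in zones]

if __name__ == "__main__":
    for no, col, tok in undefined_policy_zones(ZONES, POLICY_DAMAGED):
        print(f"policy line {no}: {col} '{tok}' is not a defined zone")
```

To run it against a live configuration, pass the contents of /etc/shorewall/zones and /etc/shorewall/policy to `undefined_policy_zones` instead of the sample strings.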
