How do I install a firewall for linux (3 choices)
(Option 1) A firewall called ufw, with an optional GUI front end (gufw)
First, obviously, you want to make sure UFW is installed. It should be installed by default on Ubuntu, but if for some reason it’s not, you can install the package with apt-get (or aptitude) using the following command:
- Code:
sudo apt-get install -y ufw
Linux Mint comes with ufw already installed, but without the GUI (gufw), so you can install the GUI with this command:
- Code:
sudo apt-get install -y gufw
Check the Status
You can check the status of UFW by typing:
- Code:
sudo ufw status
Right now, it will probably tell you it is inactive. Whenever ufw is active, you’ll get a listing of the current rules that looks similar to this:
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
Set Up Defaults
One of the things that will make setting up any firewall easier is to define some default rules for allowing and denying connections. UFW’s defaults are to deny all incoming connections and allow all outgoing connections. This means anyone trying to reach your cloud server would not be able to connect, while any application within the server would be able to reach the outside world. To set the defaults used by UFW, you would use the following commands:
- Code:
sudo ufw default deny incoming
and
- Code:
sudo ufw default allow outgoing
Note: if you want to be a little more restrictive, you can also deny all outgoing connections by default. Whether this is worth it is debatable, but on a public-facing server it can stop a compromised service from opening outbound connections (a reverse shell, for example) that an incoming-only policy would never see. It does make the firewall more cumbersome to manage, because you then have to write rules for every outgoing connection as well (DNS, package updates, NTP and so on). You can set this as the default with:
- Code:
sudo ufw default deny outgoing
Allow Connections
The syntax is pretty simple. You change the firewall rules by issuing commands in the terminal. If we turned on our firewall now, it would deny all incoming connections. If you’re connected over SSH to your cloud server, that would be a problem because you would be locked out of your server. Let’s enable SSH connections to our server to prevent that from happening:
- Code:
sudo ufw allow ssh
As you can see, the syntax for adding services is pretty simple. UFW resolves service names from /etc/services, so our SSH command above is just shorthand for:
- Code:
sudo ufw allow 22/tcp
This command allows a connection on port 22 using the TCP protocol. If our SSH server is running on port 2222, we could enable connections with the following command:
- Code:
sudo ufw allow 2222/tcp
Other Connections We Might Need
Now is a good time to allow some other connections we might need. If we’re securing a web server with FTP access, we might need these commands (note that plain FTP sends credentials in cleartext; if you only need file transfer, SFTP over the SSH port you already opened is the safer choice):
- Code:
sudo ufw allow www
- Code:
sudo ufw allow 80/tcp
- Code:
sudo ufw allow ftp
- Code:
sudo ufw allow 21/tcp
Your mileage will vary on which ports and services you need to open, and some testing will probably be necessary. Whatever you open, make sure the SSH rule stays in place.
Port Ranges
You can also specify port ranges with UFW. To allow ports 1000 through 2000, use the command:
- Code:
sudo ufw allow 1000:2000/tcp
If you want UDP:
- Code:
sudo ufw allow 1000:2000/udp
IP Addresses
You can also specify IP addresses. For example, if I wanted to allow connections from a specific IP address (say my work or home address), I’d use this command:
- Code:
sudo ufw allow from 192.168.255.255
Denying Connections
Our default setup is to deny all incoming connections. This makes the firewall rules easier to administer, since we only selectively allow certain ports and IP addresses through. However, if you want to flip it and open up all of your server’s ports (not recommended), you could allow all connections by default and then deny the ports you don’t want to expose, by replacing “allow” with “deny” in the commands above. For example:
- Code:
sudo ufw allow 80/tcp
would allow access to port 80 while:
- Code:
sudo ufw deny 80/tcp
would deny access to port 80.
Deleting Rules
There are two options to delete rules. The most straightforward one is to use the following syntax:
- Code:
sudo ufw delete allow ssh
As you can see, we use the command “delete” followed by the rule exactly as it was added. Other examples include:
- Code:
sudo ufw delete allow 80/tcp
or
- Code:
sudo ufw delete allow 1000:2000/tcp
This can get tricky when you have rules that are long and complex. A simpler, two-step alternative is to type:
- Code:
sudo ufw status numbered
which will have UFW list out all the current rules in a numbered list. Then, we issue the command:
- Code:
sudo ufw delete [number]
where “[number]” is the line number from the previous command.
Turn It On
After we’ve gotten UFW to where we want it, we can turn it on using this command (remember: if you’re connecting via SSH, make sure you’ve set your SSH port, commonly port 22, to be allowed to receive connections):
- Code:
sudo ufw enable
ufw warns that the command may disrupt existing SSH connections and asks you to confirm; once it reports that the firewall is active and enabled on system startup, you are done. You can check the status of your rules now by typing:
- Code:
sudo ufw status
or
- Code:
sudo ufw status verbose
for the most thorough display.
To turn UFW off, use the following command:
- Code:
sudo ufw disable
Reset Everything
If, for whatever reason, you need to return your cloud server’s rules to their installation defaults, you can do so with the command below. It disables ufw and wipes the active rule set (the previous rule files are kept as timestamped backups under /etc/ufw), so you will have to re-add your rules and run ufw enable again afterwards:
- Code:
sudo ufw reset
Found at https://www.digitalocean.com/community/articles/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server
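The step that most often goes wrong in the procedure above is the last one: running ufw enable from an SSH session on a box whose sshd listens on a non-standard port. The POSIX shell functions below, an added example that is not code from the original post or from the DigitalOcean article it quotes, read the Port directive from sshd_config, check the stored rules for a matching ALLOW or LIMIT entry, and only then enable the firewall. They rely on the real ufw commands show added, limit and --force enable; the function names are my own, and the sample config and rule listings used to exercise them are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): a lock-out guard for "ufw enable".
# Function names are the author's own; ufw, sudo and a POSIX sh are assumed.

# Print the port sshd listens on according to an sshd_config file (first
# uncommented "Port" directive); fall back to 22 when none is set.
sshd_port_from_config() {
    cfg="${1:-/etc/ssh/sshd_config}"
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$cfg" 2>/dev/null || true)
    echo "${p:-22}"
}

# Read the output of "ufw show added" on stdin (it lists stored rules even
# while the firewall is still inactive, which "ufw status" does not) and
# succeed if PORT/PROTO has an inbound ALLOW or LIMIT rule. Both the
# "ufw allow 22/tcp" and the "... to any port 22 proto tcp" forms are matched.
ufw_added_allows() {
    port="$1"; proto="${2:-tcp}"
    grep -Ev '^ufw (allow|limit) out ' \
        | grep -E "^ufw (allow|limit) (in )?(.* port )?${port}(/${proto})?( |\$)" >/dev/null
}

# Enable ufw only when the SSH port already has a rule, so an administrator
# working over SSH cannot cut off their own session.
safe_ufw_enable() {
    ssh_port="${1:-$(sshd_port_from_config)}"
    if ! sudo ufw show added | ufw_added_allows "$ssh_port" tcp; then
        echo "refusing to enable ufw: no ALLOW/LIMIT rule for ${ssh_port}/tcp" >&2
        return 1
    fi
    sudo ufw --force enable     # --force skips the interactive y/n prompt
}

# A minimal server baseline built on the guard: deny in, allow out, rate-limit
# SSH (LIMIT blocks a source that opens 6 or more connections in 30 s), open
# HTTP and HTTPS, then enable.
ufw_baseline() {
    ssh_port="$(sshd_port_from_config)"
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    sudo ufw limit "${ssh_port}/tcp"
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
    safe_ufw_enable "$ssh_port"
}

# Usage:  . ./ufw-guard.sh && ufw_baseline
```

Source the file and call ufw_baseline, or call safe_ufw_enable on its own after adding rules by hand. The guard deliberately reads ufw show added rather than ufw status, because status prints nothing but "Status: inactive" until the firewall has been enabled once.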
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Option 2)
Found at http://rocky.eld.leidenuniv.nl/joomla/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A non-GUI firewall
(Option 3: not sure this is very simple)
How do I install shorewall?
Type the following command as the root user (on current Debian and Ubuntu releases apt-get install shorewall alone is enough; the -common and -shell packages belong to older releases):
- Code:
# apt-get install shorewall shorewall-common shorewall-shell
Shorewall Configuration Files
All files are located in /etc/shorewall/ directory as follows:
- /etc/shorewall/shorewall.conf - Shorewall global configuration file.
- /etc/shorewall/interfaces - The interfaces file serves to define the firewall's network interfaces to Shorewall.
- /etc/shorewall/policy - Shorewall policy file for connections between zones defined in /etc/shorewall/zones config file.
- /etc/shorewall/rules - Shorewall rules file.
- /etc/shorewall/zones - The /etc/shorewall/zones file declares your network zones. You specify the hosts in each zone through entries in /etc/shorewall/interfaces or /etc/shorewall/hosts.
Configuration
Turn on firewall by editing /etc/default/shorewall file, enter:
- Code:
# vi /etc/default/shorewall
Set the startup variable to 1 in order to allow Shorewall to start:
startup=1
Save and close the file.
Step #1: Define network zones
Edit /etc/shorewall/zones, enter:
- Code:
# vi /etc/shorewall/zones
Append the following code:
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
Where,
- fw firewall - Zone name. Designates the firewall itself. You must have exactly one 'firewall' zone. No options are permitted with a 'firewall' zone. The name that you enter in the ZONE column will be stored in the shell variable $FW which you may use in other configuration files to designate the firewall zone.
- net ipv4 - Zone name. This is the standard Shorewall zone.
Step #2: Create interfaces
Create the interfaces file as follows:
- Code:
# vi /etc/shorewall/interfaces
Append the following code:
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect tcpflags,logmartians,nosmurfs
net eth1 detect dhcp
net ppp+ detect dhcp
Save and close the file. In this example all three of the firewall's network interfaces (eth0, eth1 and ppp+) are declared to Shorewall and placed in the net zone.
Where,
- net - net is zone for eth0 interface. Must match the name of a zone declared in /etc/shorewall/zones.
- eth0 - eth0 interface for net zone.
- detect - This is optional, but if you use the special value detect, Shorewall will detect the broadcast address(es) for you, provided your iptables and kernel include Address Type match support.
- tcpflags,logmartians,nosmurfs - A comma-separated list of options:
- tcpflags - Packets arriving on this interface are checked for certain illegal combinations of TCP flags.
- logmartians - Turn on kernel martian logging, i.e. logging of packets with impossible source addresses. This is a must for systems that act as routers.
- nosmurfs - Filter packets for smurfs (packets with a broadcast address as the source)
- dhcp - The interface gets its IP address via DHCP
Step #3: Define shorewall policy
Edit /etc/shorewall/policy, enter:
- Code:
# vi /etc/shorewall/policy
Append the code as follows:
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
fw all ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
Where,
- fw Firewall zone (i.e. machine itself).
- net - Internet zone.
- In this example, all traffic originating from the firewall (the machine itself) is accepted, while all traffic arriving from the net zone is dropped and logged at syslog level KERNEL.INFO. In other words, the desktop can open any outgoing connection, but no incoming connection is accepted unless a rule in /etc/shorewall/rules allows it.
- The last line is the catch-all: any connection not matched above is rejected and logged at level KERNEL.INFO. It must stay last, because Shorewall applies the first matching policy.
Step #4: Open required ports (if any)
Edit /etc/shorewall/rules, enter:
- Code:
# vi /etc/shorewall/rules
Append the following code:
#############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
ACCEPT net $FW:192.168.1.5 TCP 9500
ACCEPT net $FW:192.168.1.5 UDP 9500
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping(DROP) net $FW
In this example, BitTorrent traffic is accepted on TCP and UDP port 9500, which the ISP router forwards to this machine (192.168.1.5). The Ping(DROP) line silently drops ICMP echo requests from the net zone so they do not flood the log. A rule of the same shape opens the ssh and http ports (port names are resolved from /etc/services, and several can be listed separated by commas):
#Accept ssh and http connections from the internet to this host ($FW, 192.168.1.5)
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# PORT PORT(S) DEST
ACCEPT net $FW:192.168.1.5 tcp ssh,http
Save and close the file.
How do I start / stop / restart shorewall?
Use the following commands:
- Code:
/etc/init.d/shorewall start
/etc/init.d/shorewall stop
/etc/init.d/shorewall restart
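A restart loads whatever is in /etc/shorewall, and with the "net all DROP" policy above a rules file that lacks the ssh line cuts off every remote SSH session the moment it takes effect. The script below, an added example that is not part of the original page or of Shorewall itself, guards against that: it checks the staged rules and policy files for the two mistakes that cause lock-outs, compiles the configuration with shorewall check (which loads nothing), and only then loads it with shorewall safe-restart, which reverts to the previous ruleset unless you confirm within 60 seconds. The guard functions are my own; shorewall must be installed and the script run as root. The rules and policy files used to exercise it in the test are constructed from the snippets above.

```shell
#!/bin/sh
# Added example (not from the original page): apply a Shorewall configuration
# without locking yourself out of a remotely administered host. The guard
# functions are the author's own; shorewall must be installed and you must be
# root. "check" and "safe-restart" are standard Shorewall commands.

# Succeed if a rules file ACCEPTs tcp ssh (or 22) from the net zone to the
# firewall itself ($FW). With the "net all DROP" policy above, a rules file
# without such a line kills every remote SSH session on restart.
rules_allow_ssh_from_net() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }      # comments and blank lines
        $1 == "ACCEPT" && index($2, "net") == 1 && index($3, "$FW") == 1 &&
        tolower($4) == "tcp" {
            n = split($5, ports, ",")              # DEST PORT(S) may be a list
            for (i = 1; i <= n; i++)
                if (ports[i] == "ssh" || ports[i] == "22") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeed if the last active line of a policy file is the catch-all
# "all all REJECT" (or DROP) that the policy file above insists on.
policy_ends_with_catchall() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        { last = $1 " " $2 " " toupper($3) }
        END { exit ((last == "all all REJECT" || last == "all all DROP") ? 0 : 1) }
    ' "$1"
}

# Validate a (staged) configuration directory, compile it without loading it,
# copy it into place, then load it with safe-restart, which reverts to the
# previous ruleset unless you confirm within 60 seconds.
shorewall_apply_safely() {
    dir="${1:-/etc/shorewall}"
    rules_allow_ssh_from_net "$dir/rules" || {
        echo "refusing: $dir/rules has no 'ACCEPT net \$FW tcp ssh' rule" >&2
        return 1
    }
    policy_ends_with_catchall "$dir/policy" || {
        echo "refusing: $dir/policy does not end with 'all all REJECT'" >&2
        return 1
    }
    shorewall check "$dir" || return 1           # compile only, nothing loaded
    [ "$dir" = /etc/shorewall ] || cp "$dir"/* /etc/shorewall/
    shorewall safe-restart
}

# Usage:  shorewall_apply_safely /root/shorewall-staging
```

Edit a copy of /etc/shorewall in a staging directory, then call shorewall_apply_safely on it; if the new ruleset does kill your session, do nothing and the old ruleset comes back by itself when the confirmation times out.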
To see the iptables chains Shorewall has actually loaded, with packet and byte counters:
- Code:
# shorewall show | less
Sample outputs:
Shorewall 4.4.11.6 filter Table at wks01 - Sat Aug 18 03:19:49 IST 2012
Counters reset Sat Aug 18 03:18:53 IST 2012
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
23 3176 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW
29 3540 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ppp+_in all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW
0 0 ppp+_fwd all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
30 4184 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 fw2net all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 fw2net all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */
How do I see the IP connections currently being tracked by the firewall?
- Code:
# shorewall show connections
To list the defined zones and the interfaces that belong to each:
- Code:
# shorewall show zones
Sample outputs:
Shorewall 4.4.11.6 Zones at wks01 - Sat Aug 18 03:21:30 IST 2012
fw (firewall)
net (ipv4)
eth0:0.0.0.0/0
eth1:0.0.0.0/0
ppp+:0.0.0.0/0
How do I see firewall logs?
The hits command generates several reports from Shorewall log messages in the current log file:
- Code:
# shorewall hits
Sample outputs:
Shorewall 4.4.11.6 Hits at wks01 - Sat Aug 18 03:23:09 IST 2012
HITS IP DATE
---- --------------- ------
3955 192.168.1.2 Aug 17
2059 192.168.1.2 Aug 13
1939 192.168.1.2 Aug 15
960 192.168.1.2 Aug 14
624 192.168.1.2 Aug 18
592 192.168.1.2 Aug 16
555 192.168.1.2 Aug 12
21 192.168.1.10 Aug 18
21 192.168.1.10 Aug 13
1 209.133.67.35 Aug 17
HITS IP PORT
---- --------------- -----
4523 192.168.1.2 59092
1955 192.168.1.2 41859
1595 192.168.1.2 35511
464 192.168.1.2 35351
443 192.168.1.2 50015
368 192.168.1.2 32827
352 192.168.1.2 44954
296 192.168.1.2 50840
264 192.168.1.2 48698
216 192.168.1.2 37711
160 192.168.1.2 45371
48 192.168.1.2 56431
42 192.168.1.10 22
1 209.133.67.35 0
HITS DATE
---- ------
3956 Aug 17
2080 Aug 13
1939 Aug 15
960 Aug 14
645 Aug 18
592 Aug 16
555 Aug 12
HITS PORT SERVICE(S)
---- ----- ----------
4523 59092
1955 41859
1595 35511
464 35351
443 50015
368 32827
352 44954
296 50840
264 48698
216 37711
160 45371
48 56431
42 22 ssh
Found at http://www.cyberciti.biz/faq/debian-ubuntu-linux-shorewall-firewall-configuration/
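The hits report above is just a tally of the kernel LOG lines Shorewall writes with the "Shorewall:<chain>:<disposition>:" prefix seen in the shorewall show output. When those logs have been shipped off the box (to a syslog collector or SIEM) the shorewall command is not available, so the added example below, which is not part of the original page or of Shorewall, rebuilds the first three tables of the report (hits per source address, per source and port, and per port) from raw log lines with awk. The log lines used in the test are constructed, in the field layout netfilter's LOG target produces (IN=, OUT=, SRC=, DST=, PROTO=, SPT=, DPT=); the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): rebuild the core tables of
# "shorewall hits" from raw netfilter LOG lines. Function names are the
# author's own. Works on any log that carries the "Shorewall:" prefix.

# Count the values of one "KEY=value" field across all Shorewall log lines.
# $1 = field name (SRC, DST, DPT, PROTO, ...); remaining args = log files.
# Lines without that field (e.g. ICMP lines have no DPT=) are skipped.
count_field() {
    key="$1"; shift
    awk -v key="$key" '
        /Shorewall:/ {
            for (i = 1; i <= NF; i++)
                if (index($i, key "=") == 1) { c[substr($i, length(key) + 2)]++; break }
        }
        END { for (v in c) printf "%d %s\n", c[v], v }
    ' "$@" | sort -rn
}

# "HITS IP" table: hits per source address, busiest first.
hits_by_source() { count_field SRC "$@"; }

# "HITS PORT" table: hits per destination port, busiest first.
hits_by_port() { count_field DPT "$@"; }

# "HITS IP PORT" table: hits per (source, destination port) pair; a "-" port
# marks lines with no DPT= field, such as ICMP.
hits_by_source_port() {
    awk '
        /Shorewall:/ {
            src = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if (index($i, "SRC=") == 1) { src = substr($i, 5) } else if (index($i, "DPT=") == 1) { dpt = substr($i, 5) }
            }
            if (src != "") c[src " " dpt]++
        }
        END { for (k in c) printf "%d %s\n", c[k], k }
    ' "$@" | sort -rn
}

# The single address responsible for the most hits.
top_source() { hits_by_source "$@" | head -n 1 | awk '{ print $2 }'; }

# Usage:  hits_by_source /var/log/kern.log ; top_source /var/log/kern.log
```

A source that dominates hits_by_source_port on port 22 is the address to block at the edge (a DROP rule with SOURCE net:<address> in /etc/shorewall/rules), while a single address spread across many ports is a port scan.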