Copyright © 2006, 2007, 2010, 2011, 2016 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.
2023/02/18
Do not attempt to install Shorewall on a remote system. You are virtually assured to lock yourself out.
Please read this short article first.
Now, install Shorewall.
Next, read the QuickStart Guide that is appropriate for your configuration:
If you just want to protect a system: (Requires Shorewall 4.4.12-Beta3 or later)
Universal configuration -- requires no configuration to protect a single system.
This configuration places all interfaces in the net zone. If you add another interface or VPN, you will want to select a different QuickStart Guide.
If you have only one public IP address:
Standalone Linux System with a single network interface (if you are running Shorewall 4.4.12 Beta 3 or later, use the Universal configuration instead).
Two-interface Linux System acting as a firewall/router for a small local network. For Red Hat-specific install/configure information, see this article contributed by Digimer.
Three-interface Linux System acting as a firewall/router for a small local network and a DMZ.
If you have more than one public IP address:
The Shorewall Setup Guide outlines the steps necessary to set up a firewall when multiple public IP addresses are involved. It is also the guide to read if you want to learn more about Shorewall than is explained in the single-address guides above.
The following articles are also recommended reading for newcomers.
Operating Shorewall and Shorewall Lite contains a lot of useful operational hints.
PPPPPPS (or, Paul's Principles for Practical Provision of Packet Processing with Shorewall) http://linuxman.wikispaces.com/PPPPPPS