Setup Firewall on Ubuntu – Command Line

in shel command :

Code: Select all
sudo apt-get install shorewall

After a while we have an iptables-based firewall ready for tweaking. Configuration files are located in /etc/shorewall and as access to this directory is denied for a normal user, we’ll use administrative shell to avoid typing sudo all the time:
Must be root

Code: Select all
cd /etc/shorewall

We’ll now copy some default files from /usr/share/:

Code: Select all
cp /usr/share/doc/shorewall/default-config/interfaces
cp /usr/share/doc/shorewall/default-config/policy
cp /usr/share/doc/shorewall/default-config/rules
cp /usr/share/doc/shorewall/default-config/zones

We have to specify our network interface in /etc/shorewall/interfaces, so open it with your favourite editor and add the following line at the bottom:

Code: Select all
nano interfaces
net eth0 detect

Let’s also add a default zone to /etc/shorewall/zones by appending this line:

Code: Select all
net ipv4

OK, here comes the security – edit /etc/shorewall/policy and block all remote access by adding these lines to the end of the file:

Code: Select all
fw net ACCEPT
net all DROP info
all all REJECT info

These settings will allow all outgoing transfer, drop all packages coming from outside and reject all that’s left. Yet, this will also lock SSH connections, leaving us in trouble, so let us take care of /etc/shorewall/rules file:

Code: Select all
ACCEPT net fw tcp 22

# Replace 22 with your SSH port if you changed it before
If you’re planning to run WWW server you have to add:

Code: Select all
ACCEPT net fw tcp 80

etc …
As you can see, adding custom rules is not that difficult at all. The last thing to do before actually starting our firewall is editing /etc/default/shorewall, and replacing:

Code: Select all
startup=0

with

Code: Select all
startup=1

Our simple firewall is now ready to start with:

Code: Select all
sudo invoke-rc.d shorewall star
/etc/init.d/shorewall restart //Restart the service

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: