Simple Shorewall config on Ubuntu server 12.04 LTS

Here are the steps I used to configure a simple Shorewall firewall on Ubuntu 12.04.

The firewall config below provides SSH and HTTP access only; all other ports are blocked. Obviously you can add additional services as required in step 5.

  1. Install the Shorewall firewall.
    sudo apt-get install shorewall
  2. Back up the original configuration.
    sudo cp -p /etc/shorewall/shorewall.conf /etc/shorewall/shorewall.conf.orig
  3. Copy the provided configuration for a single-interface machine.
    sudo cp -p /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
  4. Add rules to allow SSH and web access.
    sudo nano /etc/shorewall/rules
  5. Add the following to the bottom of the file:
    SSH(ACCEPT)     net             $FW
    Web(ACCEPT)     net             $FW

    For SMTP (still allowing HTTP):

    SSH(ACCEPT)     net             $FW
    Web(ACCEPT)     net             $FW
    SMTP(ACCEPT)    net             $FW
  6. Edit Ubuntu’s Shorewall config to allow the firewall to start.
    sudo nano /etc/default/shorewall
  7. Change startup from 0 to 1.
  8. Start the firewall.
    sudo /etc/init.d/shorewall start
  9. Done!
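
A pre-flight check for the procedure above, added here as an example and not part of the original post: it confirms the rules file from step 5 still accepts SSH from `net` and that step 7 set `startup=1`, before the firewall is started in step 8. The function names and sample files are constructed for illustration; `shorewall check` is Shorewall's own configuration validator.

```shell
#!/bin/sh
# Pre-flight check for the steps above. Function names are illustrative.

# List macros ACCEPTed from zone "net" to $FW, skipping comments and blanks.
net_to_fw_accepts() {
    awk '$1 ~ /^#/ || NF == 0 { next }
         $2 == "net" && $3 == "$FW" && $1 ~ /\(ACCEPT\)$/ {
             sub(/\(ACCEPT\)$/, "", $1); print $1
         }' "$1"
}

# Succeeds only if the defaults file from step 6 has startup=1.
startup_enabled() {
    grep -Eq '^[[:space:]]*startup=1[[:space:]]*$' "$1"
}

# SSH must be accepted before the firewall starts, or new SSH logins are
# blocked once it is running; startup must be 1 for the init script to start it.
preflight() {
    rules=${1:-/etc/shorewall/rules}
    defaults=${2:-/etc/default/shorewall}
    status=0
    if ! net_to_fw_accepts "$rules" | grep -qx 'SSH'; then
        echo "FAIL: no SSH(ACCEPT) net \$FW rule in $rules" >&2; status=1
    fi
    if ! startup_enabled "$defaults"; then
        echo "FAIL: startup is not 1 in $defaults" >&2; status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK, accepted from net: $(net_to_fw_accepts "$rules" | tr '\n' ' ')"
    fi
    return "$status"
}

# Constructed sample files: a good pair, plus one of each failure.
make_samples() {
    printf 'SSH(ACCEPT)\tnet\t$FW\n# comment\nWeb(ACCEPT)\tnet\t$FW\n' > "$1/rules"
    printf 'Web(ACCEPT)\tnet\t$FW\n' > "$1/rules.nossh"
    printf 'startup=1\n' > "$1/default"
    printf 'startup=0\n' > "$1/default.off"
}

# Demo on the constructed files. On a real host: preflight && sudo shorewall check
d=$(mktemp -d) && make_samples "$d" && preflight "$d/rules" "$d/default"
rm -rf "$d"
```

Called with no arguments, `preflight` reads `/etc/shorewall/rules` and `/etc/default/shorewall`, the two files edited in steps 4 to 7.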
