Here are the steps I used to configure a simple Shorewall firewall on Ubuntu 12.04.
The firewall config below provides SSH and HTTP access only; all other ports are blocked. Obviously you can add additional services as required in step 5.
- Install the Shorewall firewall.
sudo apt-get install shorewall
- Backup the original configuration.
sudo cp -p /etc/shorewall/shorewall.conf /etc/shorewall/shorewall.conf.orig
- Copy the provided configuration for a single-interface machine.
sudo cp -p /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
- Add rules to allow SSH and web access.
sudo nano /etc/shorewall/rules
- Add the following to the bottom of the file, one rule per line:
SSH(ACCEPT) net $FW
Web(ACCEPT) net $FW
For SMTP (still allowing http):
SSH(ACCEPT) net $FW
Web(ACCEPT) net $FW
SMTP(ACCEPT) net $FW
- Edit Ubuntu’s Shorewall config to allow the firewall to start.
sudo nano /etc/default/shorewall
- Change startup from 0 to 1
- Start the firewall.
sudo /etc/init.d/shorewall start
- Done!
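When these steps are run over an SSH session, a mistake in /etc/shorewall/rules can cut off access as soon as the firewall starts. The following pre-flight check is an added example, not part of the original post: the function name `check_shorewall_rules` and the sample input are constructed for illustration. It confirms that the SSH rule is present and that no two rules were pasted onto the same line.

```shell
#!/usr/bin/env bash
# Pre-flight lint for a Shorewall rules file (added example, hypothetical helper).
# Returns 0 when the checks pass, 1 otherwise; findings are printed to stdout.
check_shorewall_rules() {
    local rules_file="$1"
    awk '
        { sub(/#.*/, "") }                 # drop comments, including trailing ones
        NF == 0 { next }                   # skip blank lines
        /^[ \t]*[?]?SECTION/ { next }      # skip section headers such as "?SECTION NEW"
        {
            # A macro such as Web(ACCEPT) is only valid in column 1 (ACTION).
            # Finding one in a later column means two rules share one line.
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^[A-Za-z0-9_]+\((ACCEPT|DROP|REJECT)\)$/) {
                    printf "line %d: \"%s\" in column %d, rules must be one per line\n", NR, $i, i
                    bad = 1
                }
            }
            # Remember whether SSH from the net zone to the firewall is allowed.
            if ($1 == "SSH(ACCEPT)" && $2 == "net" && $3 == "$FW") ssh = 1
        }
        END {
            if (!ssh) {
                print "no SSH(ACCEPT) net $FW rule: starting the firewall would block SSH"
                bad = 1
            }
            exit bad + 0
        }
    ' "$rules_file"
}

# Constructed sample: both rules pasted onto a single line, which must be rejected.
sample=$(mktemp)
printf '%s\n' 'SSH(ACCEPT) net $FW Web(ACCEPT) net $FW' > "$sample"
check_shorewall_rules "$sample" || echo "rules file rejected"
rm -f "$sample"
```

On the real system, call `check_shorewall_rules /etc/shorewall/rules` before the start step; `sudo shorewall check` then has Shorewall itself validate the whole configuration without applying it.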