Comments on: Shorewall Firewall on Ubuntu Feisty VPS Part 3 http://blog.jeff-owens.com/linux/shorewall-firewall-on-ubuntu-feisty-vps-part-3/ Where Ignorance Is Not Bliss Sun, 04 Jul 2010 23:50:07 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Gregg http://blog.jeff-owens.com/linux/shorewall-firewall-on-ubuntu-feisty-vps-part-3/comment-page-1/#comment-204 Gregg Tue, 10 Mar 2009 04:20:45 +0000 http://blog.jeff-owens.com/index.php/2007/07/17/shorewall-firewall-on-ubuntu-feisty-vps-part-3/#comment-204 Thank you so much for posting this - I admin'd CentOS for about 2 years and the transition to Debian has been like my six weeks in Germany "wie sagt man auf deutch?" - how do I say it in German (Debian). The part in /etc/default/shorewall was the key - thanks! Thank you so much for posting this – I admin’d CentOS for about 2 years and the transition to Debian has been like my six weeks in Germany “wie sagt man auf deutch?” – how do I say it in German (Debian). The part in /etc/default/shorewall was the key – thanks!

]]> By: Jon http://blog.jeff-owens.com/linux/shorewall-firewall-on-ubuntu-feisty-vps-part-3/comment-page-1/#comment-53 Jon Thu, 15 Nov 2007 10:28:06 +0000 http://blog.jeff-owens.com/index.php/2007/07/17/shorewall-firewall-on-ubuntu-feisty-vps-part-3/#comment-53 Excellent getting started guide :-) Shorewall also ships with a number of macros. In the rules file, you can do the same as above, with the following: SSH/ACCEPT net $FW Web/ACCEPT net $FW Ping/ACCEPT net $FW See '/usr/share/shorewall/' for a list of all macros. Excellent getting started guide :-)

Shorewall also ships with a number of macros. In the rules file, you can do the same as above, with the following:

SSH/ACCEPT net $FW
Web/ACCEPT net $FW
Ping/ACCEPT net $FW

See ‘/usr/share/shorewall/’ for a list of all macros.

]]> By: Because I Learn » Blog Archive » Firewall http://blog.jeff-owens.com/linux/shorewall-firewall-on-ubuntu-feisty-vps-part-3/comment-page-1/#comment-50 Because I Learn » Blog Archive » Firewall Wed, 24 Oct 2007 10:10:08 +0000 http://blog.jeff-owens.com/index.php/2007/07/17/shorewall-firewall-on-ubuntu-feisty-vps-part-3/#comment-50 [...] tutorial at Debianhelp on the installation and setting of it. A more relevant tutorial is here and there for those who are running a Xen [...] [...] tutorial at Debianhelp on the installation and setting of it. A more relevant tutorial is here and there for those who are running a Xen [...]

]]> By: BlueNovember http://blog.jeff-owens.com/linux/shorewall-firewall-on-ubuntu-feisty-vps-part-3/comment-page-1/#comment-10 BlueNovember Sun, 05 Aug 2007 10:49:29 +0000 http://blog.jeff-owens.com/index.php/2007/07/17/shorewall-firewall-on-ubuntu-feisty-vps-part-3/#comment-10 Hey again. Finally finished setting up my own shorewall, and thought I'd my thoughts on bits I found annoying/tricky: Shorewall will not reply to pings by default. To make it reply, add the following to your rules file: Ping/ACCEPT net $FW You can also add services by name, instead of port, eg: ACCEPT net $FW tcp microsoft-ds ACCEPT net $FW tcp mysql ACCEPT net $FW tcp netbios-ssn ACCEPT net $FW tcp ftp ...although of course this will just add the default ports, not intelligently find the ones you are listening on. Hey again. Finally finished setting up my own shorewall, and thought I’d my thoughts on bits I found annoying/tricky:

Shorewall will not reply to pings by default. To make it reply, add the following to your rules file:
Ping/ACCEPT net $FW

You can also add services by name, instead of port, eg:
ACCEPT net $FW tcp microsoft-ds
ACCEPT net $FW tcp mysql
ACCEPT net $FW tcp netbios-ssn
ACCEPT net $FW tcp ftp

…although of course this will just add the default ports, not intelligently find the ones you are listening on.

]]> By: Jeff http://blog.jeff-owens.com/linux/shorewall-firewall-on-ubuntu-feisty-vps-part-3/comment-page-1/#comment-7 Jeff Sun, 29 Jul 2007 23:00:35 +0000 http://blog.jeff-owens.com/index.php/2007/07/17/shorewall-firewall-on-ubuntu-feisty-vps-part-3/#comment-7 <p>Good catch Blue, now corrected. Thx.</p> Good catch Blue, now corrected. Thx.

]]> By: BlueNovember http://blog.jeff-owens.com/linux/shorewall-firewall-on-ubuntu-feisty-vps-part-3/comment-page-1/#comment-6 BlueNovember Sun, 29 Jul 2007 16:13:05 +0000 http://blog.jeff-owens.com/index.php/2007/07/17/shorewall-firewall-on-ubuntu-feisty-vps-part-3/#comment-6 Hey there. A great quick-start guide. I think however there's a slight mistake: In the lines you say to add to /etc/shorewall/rules, net fw tcp 22 net fw tcp 80 should read: ACCEPT net fw tcp 22 ACCEPT net fw tcp 80 I'm not sure if that's actually correct, but that's what I understood from the man pages / other sources, and it worked for me. Without the changes I get this error after following your instructions: (in /var/log/shorewall-init.log) Compiling/etc/shorewall/rules ... ERROR: Invalid Action in rule "net fw tcp 22" (running ubuntu server, fiesty fawn) Thanks once again for the guide =) ~ Blue Hey there.
A great quick-start guide.
I think however there’s a slight mistake:

In the lines you say to add to /etc/shorewall/rules,
net fw tcp 22
net fw tcp 80

should read:
ACCEPT net fw tcp 22
ACCEPT net fw tcp 80

I’m not sure if that’s actually correct, but that’s what I understood from the man pages / other sources, and it worked for me. Without the changes I get this error after following your instructions:
(in /var/log/shorewall-init.log)
Compiling/etc/shorewall/rules …
ERROR: Invalid Action in rule “net fw tcp 22″

(running ubuntu server, fiesty fawn)

Thanks once again for the guide =)
~
Blue

]]>