Dec 20, 2012 · The /etc/shorewall/policy file defines the high-level policy for connections between zones defined in /etc/shorewall/zones. To provide exceptions to policies, add rules to /etc/shorewall/rules. Use this file to open or close ports and so on.

Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.

If not given, the name shorewall is assumed. Where more than one POLICY specifies the same name, the connection counts for the policies are aggregated and the individual rates apply to the aggregated count.

In the standard Shorewall distribution, the DROP policy has a default action called Drop and the REJECT policy has a default action called Reject. Default actions are used primarily to discard certain packets silently so that they don't clutter up your log.

I'm going to install Shorewall on a Debian stable Linux box. The shorewall version in the stable repositories is 4.6.4.3-2. The Shorewall website suggests pinning apt preferences and forcing the download of

/etc/shorewall/policy file:

    #SOURCE DEST POLICY LOGLEVEL
    loc     net  ACCEPT

This means that by default everything from the local network to the internet will be allowed through the firewall. Now if you want to block something, let's say port 80, you will need to put a block rule on top.

Make sure your /etc/shorewall/policy file has a section to allow VPN to LOC and LOC to VPN:

    loc vpn ACCEPT
    vpn loc ACCEPT

or rules in the /etc/shorewall/rules file to allow loc to vpn and vpn to loc:

    ACCEPT loc vpn
    ACCEPT vpn loc

And your /etc/shorewall/tunnels file should have this in it:

919893 – new selinux policy utterly breaks shorewall

No version of Shorewall will run on this system

Things worked fine until I rebooted the machine today, so it is something recent that changed.

selinux-policy-3.7.19-195.el6_4.1.noarch

Comment 1 Milos Malik 2013-03-11 07:34:12 UTC

Installing the shorewall firewall on Linux (CentOS) | 学步园

The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements.