Shorewall configuration help

phantom_cyph · 11-25-2008, 10:11 AM

Solved my first problem, now I need to know if my configuration is at all secure. I have never used Shorewall, or a text-based firewall for that matter. Here are my files:

Zones:

Code:

#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
LAN     ipv4
WAN     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Interfaces:

Code:

#ZONE   INTERFACE       BROADCAST       OPTIONS
WAN     eth0            -               dhcp
LAN     eth1            detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Policy:

Code:

#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK
LAN     WAN     ACCEPT
LAN     $FW     ACCEPT
LAN     LAN     ACCEPT
WAN     LAN     DROP            warning
WAN     $FW     DROP            warning
$FW     LAN     ACCEPT
$FW     WAN     ACCEPT
WAN     WAN     ACCEPT
#LAST LINE -- DO NOT REMOVE

I have not made changes to the other files (except shorewall.conf to enable it to start).

phantom_cyph · 11-25-2008, 12:08 PM

I would prefer to block every port, then open only the ones I need.

phantom_cyph · 11-26-2008, 11:18 PM

Just got a new problem. I don't know if its the yahoo protocol or not, but even when I stop my firewall, I can't log on to yahoo's chat via pidgin. AIM works fine, but not yahoo. Did a "shorewall stop", doesn't matter, did it a couple times and it said it had stopped, it did not however say that it was already down. I don't know whats going on with it. I really feel unprotected without a firewall...