Shorewall


Presentation Transcript


  1. Shorewall

  2. Shorewall
     • Shorewall: tools for building a firewall
     • Variables: interfaces, zones, rules
     • The Shorewall configuration lives in the /etc/shorewall directory, which at a minimum consists of the zones, interfaces, rules and policy files plus shorewall.conf.

  3. Shorewall

  4. Zone
     • Shorewall divides the network into several zones, which are described in /etc/shorewall/zones.
     • Suppose the computer has two interfaces: we create a net zone and a loc zone, so /etc/shorewall/zones is configured as follows:

           #ZONE   TYPE       OPTIONS   IN        OUT
           #                            OPTIONS   OPTIONS
           fw      firewall
           net     ipv4
           loc     ipv4

     • The net zone is the internet zone.
     • The loc zone is the local zone.
     • The fw zone describes the firewall machine itself.
     • The zone names are up to us.

  5. Interfaces
     • Next we define which interfaces those zones apply to in /etc/shorewall/interfaces. The configuration looks roughly like this:

           #ZONE   INTERFACE   BROADCAST   OPTIONS
           net     eth0        detect      norfc1918
           loc     eth1        detect

  6. Rules
     • Rules are the policies that govern every connection coming into the firewall. Example /etc/shorewall/rules configuration:

           #ACTION       SOURCE            DEST   PROTO   DEST PORT(S)
           Ping/ACCEPT   loc:192.168.0.1   $FW
           ACCEPT        $FW               all    icmp
           Web/ACCEPT    all               $FW
           SSH/ACCEPT    loc:192.168.0.1   $FW

  7. Policy
     • The policy is the general decision applied to traffic between each pair of zones when no rule describes it, for example:

           #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
           loc       net    ACCEPT
           net       all    DROP     info
           all       all    REJECT   info

  8. On Debian-based installations, /etc/shorewall is usually empty. The default rule files can be copied from /usr/share/doc/shorewall/default-config, and example configurations are also available in /usr/share/doc/shorewall/examples.

  9. Installation
     • Remove

           :~# apt-get remove portmap
           :~# apt-get remove nfs-common
           :~# apt-get remove pidentd

  10. Installation
     • Install Shorewall

           :~# apt-get install shorewall

     • Install documentation

           :~# apt-get install shorewall-doc

  11. Configuration
     • Go to the Shorewall directory

           :~# cd /etc/shorewall

     • Look inside

           :/etc/shorewall# ls

  12. Configuration
     • Change /etc/default/shorewall from startup=0 to startup=1

           # vim /etc/default/shorewall

     • Change the startup value

  13. Activate the firewall
     • Do this:

           # /etc/init.d/shorewall start

     • Watch your firewall:

           # iptables -nL | less

  14. Configure Shorewall from Webmin
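
The rule-then-policy fallthrough described in slides 6 and 7, as an added Python sketch that is not part of the original presentation and is not Shorewall's own code: it evaluates a connection against the sample rules and policy files shown there. The macro-to-port mapping (Ping as ICMP, Web as TCP 80/443, SSH as TCP 22), the `decide` and `zone_match` helpers and the test addresses are assumptions; ICMP types, logging and Shorewall's special handling of `all` are not modelled.

```python
# Added example: simplified model of "first matching rule, else first matching policy".
# Sample files are the ones on the slides; the macro port mapping is an assumption.
MACROS = {"Ping": ("icmp", None), "Web": ("tcp", {80, 443}), "SSH": ("tcp", {22})}

RULES = """
Ping/ACCEPT loc:192.168.0.1 $FW
ACCEPT      $FW             all   icmp
Web/ACCEPT  all             $FW
SSH/ACCEPT  loc:192.168.0.1 $FW
"""
POLICY = """
loc net ACCEPT
net all DROP   info
all all REJECT info
"""

def zone_match(spec, zone, host=None):
    """Match 'all', '$FW' (the fw zone), 'zone' or 'zone:host'."""
    name, _, addr = spec.partition(":")
    if name == "$FW":
        name = "fw"
    if name != "all" and name != zone:
        return False
    return not addr or addr == host

def decide(src_zone, src_host, dst_zone, proto, port=None):
    """Return (action, reason) for one connection attempt."""
    for line in RULES.strip().splitlines():
        cols = line.split()
        action, src, dst = cols[0], cols[1], cols[2]
        rule_proto, ports = (cols[3] if len(cols) > 3 else None), None
        if "/" in action:  # macro form, e.g. SSH/ACCEPT
            macro, action = action.split("/")
            rule_proto, ports = MACROS[macro]
        if not (zone_match(src, src_zone, src_host) and zone_match(dst, dst_zone)):
            continue
        if rule_proto and rule_proto != proto:
            continue
        if ports and port not in ports:
            continue
        return action, "rule: " + " ".join(cols)
    for line in POLICY.strip().splitlines():  # no rule matched: fall back to policy
        src, dst, action = line.split()[:3]
        if zone_match(src, src_zone) and zone_match(dst, dst_zone):
            return action, "policy: " + " ".join(line.split())
    return "REJECT", "no match"
```

Run over the sample files, the model shows that `Web/ACCEPT all $FW` also admits web traffic from the net zone, while SSH to the firewall stays limited to 192.168.0.1 and everything else from net falls through to DROP.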
