...
Code Block |
---|
apt-get install shorewall
apt-get install ipset
mv /etc/shorewall{,-orig}
mkdir /etc/shorewall
root@server.lastschl:~# scp /etc/shorewall/* root@192.168.10.52:/etc/shorewall/
#commented all entries related to loc and vpn zones (including dynamic zone man) in all files
#removed all MAC addresses of wifi clients
|
Code Block |
---|
root@debian9-base:/etc/shorewall# for i in `ls`; do echo "========= $i ========="; cat $i | grep -v "^#" | grep -v "^$"; echo "========= $i ========="; echo ""; done ========= hosts ========= wifi1 enp0s8:dynamic ========= hosts ========= ========= interfaces ========= net enp0s3 detect tcpflags,dhcp,nosmurfs,routefilter,logmartians wifi enp0s8 detect tcpflags,nosmurfs,routefilter,logmartians ========= interfaces ========= ========= masq ========= enp0s3 192.168.9.0/24 ========= masq ========= ========= policy ========= $FW net REJECT INFO(uid) $FW wifi ACCEPT INFO(uid) wifi all REJECT wifi1 net ACCEPT INFO wifi1 $FW ACCEPT INFO(uid) $FW wifi1 ACCEPT INFO(uid) net all DROP INFO all all REJECT info ========= policy ========= ========= routestopped ========= ========= routestopped ========= ========= rules ========= Invalid(DROP) net all ACCEPT:INFO(uid) net $FW tcp 22 ACCEPT:INFO(uid) net $FW udp 123 ACCEPT:INFO(uid) net $FW icmp ACCEPT:INFO(uid) $FW net tcp 465,587,995,993 ACCEPT:INFO(uid) $FW net udp 53,123 ACCEPT:INFO(uid) $FW net icmp ACCEPT:INFO(uid) $FW net tcp - - - - root ACCEPT:INFO(uid) $FW net udp - - - - root ACCEPT:INFO(uid) $FW net icmp - - - - root ACCEPT:INFO(uid) $FW net tcp - - - - _apt ACCEPT:INFO(uid) $FW net udp - - - - _apt ACCEPT:INFO(uid) $FW net icmp - - - - _apt ========= rules ========= ========= shorewall.conf ========= STARTUP_ENABLED=Yes .... SAVE_IPSETS=Yes .... ========= shorewall.conf ========= ========= zones ========= fw firewall net ipv4 wifi ipv4 wifi1:wifi ipv4 dynamic_shared ========= zones ========= |
...