...
Code Block |
---|
root@debian9-base:/etc/shorewall# for i in `ls`; do echo "========= $i ========="; cat $i | grep -v "^#" | grep -v "^$"; echo "========= $i ========="; echo ""; done
========= hosts =========
========= hosts =========
========= interfaces =========
net enp0s3 detect tcpflags,dhcp,nosmurfs,routefilter,logmartians
wifi enp0s8 detect tcpflags,nosmurfs,routefilter,logmartians
========= interfaces =========
========= masq =========
enp0s3 192.168.9.0/24
========= masq =========
========= policy =========
$FW net REJECT INFO(uid)
$FW wifi ACCEPT INFO(uid)
wifi all REJECT
net all DROP INFO
all all REJECT info
========= policy =========
========= routestopped =========
========= routestopped =========
========= rules =========
Invalid(DROP) net all
ACCEPT:INFO(uid) net $FW tcp 22
ACCEPT:INFO(uid) net $FW udp 123
ACCEPT:INFO(uid) net $FW icmp
ACCEPT:INFO(uid) $FW net tcp 465,587,995,993
ACCEPT:INFO(uid) $FW net udp 53,123
ACCEPT:INFO(uid) $FW net icmp
ACCEPT:INFO(uid) $FW net tcp - - - - root
ACCEPT:INFO(uid) $FW net udp - - - - root
ACCEPT:INFO(uid) $FW net icmp - - - - root
ACCEPT:INFO(uid) $FW net tcp - - - - _apt
ACCEPT:INFO(uid) $FW net udp - - - - _apt
ACCEPT:INFO(uid) $FW net icmp - - - - _apt
========= rules =========
========= shorewall.conf =========
....
STARTUP_ENABLED=Yes
....
========= shorewall.conf =========
========= zones =========
fw firewall
net ipv4
wifi ipv4
========= zones =========
|
...