Page History

root@debian9-base:/etc/shorewall# for i in `ls`; do echo "========= $i ========="; cat $i | grep -v "^#" | grep -v "^$"; echo "========= $i ========="; echo ""; done
========= hosts =========
========= hosts =========

========= interfaces =========
net     enp0s3         detect      tcpflags,dhcp,nosmurfs,routefilter,logmartians
wifi	enp0s8		   detect	   tcpflags,nosmurfs,routefilter,logmartians
========= interfaces =========

========= masq =========
enp0s3					   192.168.9.0/24
========= masq =========

========= policy =========
$FW		net		REJECT		INFO(uid)
$FW		wifi	ACCEPT		INFO(uid)
wifi	all		REJECT
net		all		DROP		INFO
all		all		REJECT		info
========= policy =========

========= routestopped =========
========= routestopped =========

========= rules =========
Invalid(DROP)		 net			 all
ACCEPT:INFO(uid)     net             $FW             			$FW			tcp     22
ACCEPT:INFO(uid)     net             $FW             			$FW			udp     123
ACCEPT:INFO(uid)     net		     	 $FW	     		 icmp
ACCEPT:INFO(uid)     $FW             net             			net			tcp     465,587,995,993
ACCEPT:INFO(uid)     $FW             net             $FW			net			udp     53,123
ACCEPT:INFO(uid)     $FW		     	 net		     	 icmp
ACCEPT:INFO(uid)     $FW             net             			net			tcp     -            -               -               -               root
ACCEPT:INFO(uid)     $FW             net             			net			udp     -            -               -               -               root
ACCEPT:INFO(uid)     $FW             net             			net			icmp    -            -               -               -               root
ACCEPT:INFO(uid)     $FW             net             			net			tcp     -            -               -               -               _apt
ACCEPT:INFO(uid)     $FW             net             			net			udp     -            -               -               -               _apt
ACCEPT:INFO(uid)     $FW             net             			net			icmp    -            -               -               -               _apt
========= rules =========

========= shorewall.conf =========
....
STARTUP_ENABLED=Yes
....
IP_FORWARDING=On
....
========= shorewall.conf =========

========= zones =========
fw			firewall
net			ipv4
wifi		ipv4
========= zones =========

 

root@debian9-base:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The external interface
auto enp0s3
iface enp0s3 inet static
address 192.168.10.52
network 192.168.10.0
netmask 255.255.255.0
broadcast 192.168.10.255
gateway 192.168.10.1
  
# The wifi interface
auto enp0s8
iface enp0s8 inet static
address 192.168.9.1
netmask 255.255.255.0
broadcast 192.168.9.255
 
root@debian9-base:~# cat /etc/dhcp/dhcpd.conf | grep -v "^#" | grep -v "^$"
# Some of the following lines are there by default and are probably not required
ddns-update-style none;
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
include "/etc/ltsp/dhcpd.conf";
 
root@debian9-base:~# cat /etc/ltsp/dhcpd.conf 
#
# Default LTSP dhcpd.conf config file.
#

authoritative;

subnet 192.168.9.0 netmask 255.255.255.0 {
    range 192.168.9.40 192.168.9.250;
    option domain-name "test.av";
    option domain-name-servers 192.168.9.1;
    option broadcast-address 192.168.9.255;
    option routers 192.168.9.1;
    option subnet-mask 255.255.255.0;
    option root-path "/opt/ltsp/amd64";
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/amd64/pxelinux.0";
    } else {
        		filename "/ltsp/amd64/nbi.img";
	}
}

# Just after: wifi		all		REJECT
# Added:
wifi1		net		ACCEPT		INFO
wifi1		$FW		ACCEPT		INFO(uid)
$FW			wifi1		ACCEPT		INFO(uid)
# Before: net		all		DROP		INFO