Hi All,

Is anyone here using Shorewall? Could I have a look at the 'innards' of your
configuration settings:

Default Policies (policy), Firewall Rules (rules), Types of Service (tos),
Masquerading (masq), Static NAT (nat), Proxy ARP (proxyarp),
When Stopped (routestopped), VPN Tunnels (tunnels), Zone Hosts (hosts)

info:
LAN: 192.168.1.0/24
GATEWAY= 2 interfaces : eth0(public) + eth1(private)
ROUTER=202.xxx.xxx.xxxx
** I'm also planning to block the MSN + YM ports while I'm at it..
Can anyone help?


my example scripts
===========
zones file

#ZONE   DISPLAY         COMMENTS
net     Net             Internet
loc     Local           Local Networks

======rules
ACCEPT          fw              net             tcp     53
ACCEPT          fw              net             udp     53
ACCEPT          loc             net             tcp     53
ACCEPT          loc             net             udp     53
ACCEPT          fw              loc             tcp     53
ACCEPT          fw              loc             udp     53
#
#       Accept SSH connections from the local network for administration
#
ACCEPT          loc             fw              tcp     22
ACCEPT          fw             loc              tcp     22
ACCEPT          loc             fw              tcp     10000
                                                                                       
                                      
#
#Drop Local User
#
#Computer B
DROP            loc:eth0:192.168.0.33   fw      tcp     8080,80,443,3128
DROP            loc:eth0:192.168.0.33   fw      udp     8080,80,443,3128
#Computer A
DROP            loc:eth0:192.168.0.34   fw      tcp     8080,80,443,3128
DROP            loc:eth0:192.168.0.34   fw      udp     8080,80,443,3128
#
#       Allow Ping To And From Firewall
#
ACCEPT          loc             fw              icmp    3
ACCEPT          loc             fw              icmp    8
ACCEPT          loc             fw              icmp    11
ACCEPT          fw              loc             icmp    3
ACCEPT          fw              loc             icmp    8
ACCEPT          fw              loc             icmp    11
ACCEPT          fw              net             icmp    3
ACCEPT          fw              net             icmp    8
ACCEPT          fw              net             icmp    11

# Transparent Proxy
REDIRECT  loc        3128     tcp      8080,80,443      -

====masq
eth1    eth0    xxx.x.xxx.xxx   tcp     25
eth1    eth0    xxx.x.xxx.xxx

===policy
#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
loc             net             ACCEPT
loc             fw              ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw              net             ACCEPT
fw              loc             ACCEPT
net             all             DROP            info
# THE FOLLOWING POLICY MUST BE LAST
all             all             REJECT          info

=====interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth1            detect          routefilter,norfc1918,blacklist,tcpflags
loc     eth0            detect


Hope this helps

Regards,


eddy
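
An added example (not part of the original post and not Shorewall's own code): a small Python check, run over a constructed subset of the policy and rules files quoted above, that lists ACCEPT/DROP/REJECT rules whose action is the same as the policy that would already apply, so the rules file can be kept down to its real exceptions. The function names are hypothetical, and treating `all` as a plain wildcard with first-match lookup is a simplifying assumption about how Shorewall selects a policy.

```python
# Constructed sample: a subset of the policy and rules lines quoted in the post.
POLICY = """\
loc  net  ACCEPT
loc  fw   ACCEPT
fw   net  ACCEPT
fw   loc  ACCEPT
net  all  DROP    info
all  all  REJECT  info
"""
RULES = """\
ACCEPT   loc  net  tcp  53
ACCEPT   loc  fw   tcp  22
DROP     loc:eth0:192.168.0.33  fw  tcp  8080,80,443,3128
ACCEPT   fw   net  icmp 8
REDIRECT loc  3128 tcp  8080,80,443  -
"""

def fields(text):
    """Yield the whitespace-split columns of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def policy_for(policies, src, dst):
    """Assumed lookup: first policy whose SOURCE/DEST match, 'all' is a wildcard."""
    for p_src, p_dst, action in policies:
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action
    return None

def redundant_rules(policy_text, rules_text):
    """Return rules whose action equals the policy that would apply anyway."""
    policies = [tuple(f[:3]) for f in fields(policy_text)]
    found = []
    for f in fields(rules_text):
        # The zone is the part before the first ':' (e.g. loc:eth0:192.168.0.33).
        action, src, dst = f[0], f[1].split(":")[0], f[2].split(":")[0]
        if action not in ("ACCEPT", "DROP", "REJECT"):
            continue  # REDIRECT and similar rewrite packets; no policy equivalent
        # Exact match only: a rule like ACCEPT:info adds logging, so it is kept.
        if policy_for(policies, src, dst) == action:
            found.append(" ".join(f))
    return found

if __name__ == "__main__":
    for rule in redundant_rules(POLICY, RULES):
        print("redundant with policy:", rule)
```

The per-host DROP lines are not reported, because they are exceptions to the `loc fw ACCEPT` policy rather than repeats of it.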

