Shorewall Documentation

Tom Eastep

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

2005-03-18


Note

The complete Shorewall Documentation is available for download in both Docbook XML and HTML formats.

Caution

Are you running Shorewall on Mandrake™ Linux with a two-interface setup?

If so, and if you configured your system while running a Mandrake release earlier than 10.0 final, then this documentation will not apply directly to your environment. If you want to use the documentation that you find here, consider uninstalling what you have and installing a configuration that matches this documentation. See the Two-interface QuickStart Guide for details.

The remainder of the Documentation supplements the QuickStart Guides. Please review the appropriate guide before trying to use this documentation directly.

  1. 2.6 Kernel

  2. Accounting

  3. Actions

  4. Aliased (virtual) Interfaces (e.g., eth0:0)

  5. Bandwidth Control

  6. Blacklisting

    • Static Blacklisting using /etc/shorewall/blacklist

    • Dynamic Blacklisting using /sbin/shorewall

  7. Bridge/Firewall

  8. Commands (Description of all /sbin/shorewall commands)

  9. Common configuration file features 

  10. Configuration File Reference Manual

  11. Corporate Network Example (Contributed by Graeme Boyle)

  12. DHCP

  13. ECN Disabling by host or subnet

  14. Errata

  15. Error Messages

  16. Extension Scripts (How to extend Shorewall without modifying Shorewall code through the use of files in /etc/shorewall -- /etc/shorewall/start, /etc/shorewall/stopped, etc.)

  17. Fallback/Uninstall

  18. FAQs

  19. Features

  20. Forwarding Traffic on the Same Interface

  21. FTP and Shorewall

  22. Getting help or answers to questions

  23. Installation/Upgrade

  24. IPP2P

  25. IPSEC

  26. IPSEC using Kernel 2.6 and Shorewall 2.1 or later

  27. Kazaa Filtering

  28. Kernel Configuration

  29. Logging

  30. MAC Verification

  31. Multiple Zones Through One Interface

  32. My Shorewall Configuration (How I personally use Shorewall)

  33. Netfilter Overview

  34. Network Mapping

  35. One-to-one NAT (Static NAT)

  36. OpenVPN

  37. Operating Shorewall

  38. Packet Processing in a Shorewall-based Firewall

  39. 'Ping' Management

  40. Port Information

    • Which applications use which ports

    • Ports used by Trojans

  41. PPTP

  42. Proxy ARP

  43. Release Model

  44. Requirements

  45. Routing and Shorewall

  46. Routing on One Interface

  47. Samba

  48. Shorewall Setup Guide

  49. SMB

  50. Starting/stopping the Firewall

    • Description of all /sbin/shorewall commands

    • How to safely test a Shorewall configuration change

  51. Squid with Shorewall

  52. Static (one-to-one) NAT

  53. Traffic Accounting

  54. Traffic Shaping/QOS

  55. Troubleshooting (Things to try if it doesn't work)

  56. UID/GID Based Rules

  57. Upgrade Issues

  58. VPN

  59. White List Creation