Shorewall Installation

 

If you haven't done so already, please read and print a copy of the Shorewall Documentation.

To install Shorewall using the RPM:

  • Install the RPM (rpm -ivh <shorewall rpm>).
  • Edit the configuration files to match your configuration.
  • Start the firewall by typing "shorewall start"

To install Shorewall using the tarball and install script:

  • Unpack the tarball.
  • cd to the shorewall directory (the version is encoded in the directory name as in "shorewall-3.0.1").
  • Edit the configuration files to match your configuration.
  • If you are using Caldera, RedHat, Mandrake, Corel, Slackware or Debian then type "./install.sh"
  • If you are using SuSE then type "./install.sh /etc/init.d"
  • If your distribution has directory /etc/rc.d/init.d or /etc/init.d then type "./install.sh"
  • For other distributions, determine where your distribution installs init scripts and type "./install.sh <init script directory>"
  • Start the firewall by typing "shorewall start"
  • If the install script was unable to configure Shorewall to be started automatically at boot, see these instructions.

There are a number of configuration files that need to be edited to configure the firewall.  Details are in the Shorewall Documentation.

  • /etc/shorewall/shorewall.conf - used to set several firewall parameters.
  • /etc/shorewall/zones - partition the firewall's view of the world into zones.
  • /etc/shorewall/policy - establishes firewall high-level policy.
  • /etc/shorewall/interfaces - describes the interfaces on the firewall system.
  • /etc/shorewall/hosts - allows defining zones in terms of individual hosts and subnetworks.
  • /etc/shorewall/masq - directs the firewall where to use many-to-one (dynamic) NAT a.k.a. Masquerading.
  • /etc/shorewall/modules - directs the firewall to load kernel modules.
  • /etc/shorewall/rules - defines rules that are exceptions to the overall policies established in /etc/shorewall/policy.
  • /etc/shorewall/nat - defines static NAT rules.
  • /etc/shorewall/proxyarp - defines use of Proxy ARP.
  • /etc/shorewall/tos - defines rules for setting the TOS field in packet headers.
  • /etc/shorewall/tunnels - defines IPSEC tunnels with end-points on the firewall system.
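
Before typing "shorewall start", it is worth confirming that every file in the list above is present and cannot be modified by unprivileged users. The script below is an added example, not part of Shorewall or of the original page. The function name audit_shorewall_conf and the policy it enforces (expected owner root, no group or world write permission) are assumptions, not Shorewall requirements.

```shell
#!/bin/sh
# Added example (not Shorewall code): pre-start audit of the configuration
# files listed above. The owner/mode policy is an assumption of this example.

SHOREWALL_FILES="shorewall.conf zones policy interfaces hosts masq modules rules nat proxyarp tos tunnels"

# audit_shorewall_conf [DIR] [OWNER]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_shorewall_conf() {
    dir=${1:-/etc/shorewall}
    owner=${2:-root}
    status=0
    for name in $SHOREWALL_FILES; do
        path=$dir/$name
        if [ ! -f "$path" ]; then
            echo "MISSING $name"
            status=1
            continue
        fi
        # ls -ldL follows symlinks; field 1 is the mode string, field 3 the owner.
        set -- $(ls -ldL "$path")
        mode=$1
        file_owner=$3
        if [ "$file_owner" != "$owner" ]; then
            echo "OWNER $name $file_owner"
            status=1
        fi
        # Character 6 of the mode string is group-write, character 9 other-write.
        case $mode in
            ?????w*|????????w*)
                echo "WRITABLE $name $mode"
                status=1
                ;;
        esac
    done
    return $status
}

# Runs only when a directory is given, e.g.: sh audit.sh /etc/shorewall
if [ $# -gt 0 ]; then
    audit_shorewall_conf "$@"
fi
```

A MISSING line means the file named on it has not been installed or was removed; OWNER and WRITABLE lines identify files that someone other than the expected owner could alter.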

If you already have the Shorewall RPM installed and are upgrading to a new version:

  • Upgrade the RPM (rpm -Uvh <shorewall rpm file>)
  • Restart the firewall (shorewall restart).

If you already have Shorewall installed and are upgrading to a new version using the tarball:

  • Unpack the tarball.
  • cd to the shorewall directory (the version is encoded in the directory name as in "shorewall-3.0.1").
  • If you are using Caldera, RedHat, Mandrake, Corel, Slackware or Debian then type "./install.sh"
  • If you are using SuSE then type "./install.sh /etc/init.d"
  • If your distribution has directory /etc/rc.d/init.d or /etc/init.d then type "./install.sh"
  • For other distributions, determine where your distribution installs init scripts and type "./install.sh <init script directory>"
  • Restart the firewall by typing "shorewall restart"