Shorewall is a robust iptables-based firewall for Linux. This guide walks through the process of setting up Shorewall to make your plug a bit more secure.
1. SSH into your plug:
$ ssh root@<ipaddress>
2. “Fix” apt-get (it fails when this download directory is missing):
# mkdir -p /var/cache/apt/archives/partial
3. Install Shorewall:
# apt-get install shorewall
The install may end with a message that Shorewall cannot start because it is not configured. This is expected:
Shorewall's developers deliberately made the firewall refuse to start with the unedited default configuration, so it never loads a ruleset nobody has reviewed.
4. Copy default config files:
# cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall
This copies the sample one-interface configuration (zones, interfaces, policy, rules and shorewall.conf) into /etc/shorewall, where Shorewall reads it from.
5. Edit the config files:
Open /etc/shorewall/rules in your favorite text editor and add the following lines:
ACCEPT net fw tcp 22 # ssh
ACCEPT net fw tcp 80 # http
ACCEPT net fw tcp 10001 # tonido
Each line accepts TCP connections from the net zone to the firewall itself (fw) on one port: 22 (SSH), 80 (HTTP) and 10001 (Tonido). Only these three are reachable from outside; the sample policy file drops every other connection from net to the firewall.
Save the file and exit. Next, open
/etc/shorewall/shorewall.conf, look for
STARTUP_ENABLED and set it to Yes.
Save the file, exit, and open
/etc/default/shorewall, find the line that says
startup and set it to 1.
Save the file. Both switches are needed: the init script will not start
Shorewall at boot (or by hand) unless STARTUP_ENABLED=Yes in shorewall.conf and startup=1 in /etc/default/shorewall.
6. Check and start Shorewall. You are connected over SSH, so a mistake in the rules file can lock you out; run shorewall check first, which compiles the configuration and reports errors without loading anything:
# shorewall check
# /etc/init.d/shorewall start
And you’re done!
Here are a few additional ports you may want to open. To open them, add a line for the port to
/etc/shorewall/rules in the same format as above.
21 -> FTP
8000 -> Icecast
10000 -> Webmin
Two caveats: port 21 covers only the FTP control connection, so use Shorewall's FTP macro (FTP/ACCEPT net fw) instead of a plain port rule and it will load the connection-tracking helper that lets data connections through. Webmin is an administration interface, so rather than opening it to the whole net zone, restrict the source to your own network by writing net:<your LAN CIDR> instead of net in the SOURCE column.
Rules are compiled when Shorewall starts, so edits to the file do nothing until you restart Shorewall after adding any of these:
# /etc/init.d/shorewall restart
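The whole procedure above (steps 2 through 6, plus the Webmin rule from the extra-ports list restricted to a management network) as one script, added here as an example and not code from the original post or from the Shorewall project. It assumes the Debian paths the post uses; SHOREWALL_ROOT and ADMIN_NET are names introduced here: SHOREWALL_ROOT, when set, prefixes every config path so the files can be rendered into a scratch directory and inspected before touching the real /etc, and ADMIN_NET is the only source allowed to reach Webmin. The rule and config helpers are idempotent, so re-running the script does not duplicate lines.

```shell
#!/bin/sh
# Added example, not from the original post: steps 2 through 6 as one script.
# Assumptions: Debian paths (as in the post); SHOREWALL_ROOT, when set, prefixes
# every path so the config can be rendered into a scratch directory first;
# ADMIN_NET (not part of the post) is the only source allowed to reach Webmin.
set -eu

SHOREWALL_ROOT="${SHOREWALL_ROOT:-}"
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"   # assumed management LAN; change it
EXAMPLES=/usr/share/doc/shorewall-common/examples/one-interface

# Append one rule line to /etc/shorewall/rules unless it is already there,
# so re-running the script does not duplicate rules.
add_rule() {
    rules="$SHOREWALL_ROOT/etc/shorewall/rules"
    grep -qF -- "$1" "$rules" 2>/dev/null || printf '%s\n' "$1" >> "$rules"
}

# The post's three services, plus Webmin limited to ADMIN_NET. Columns are
# ACTION SOURCE DEST PROTO DEST_PORT; "net:<cidr>" narrows the source zone.
add_rules() {
    add_rule "ACCEPT net fw tcp 22     # ssh"
    add_rule "ACCEPT net fw tcp 80     # http"
    add_rule "ACCEPT net fw tcp 10001  # tonido"
    add_rule "ACCEPT net:$ADMIN_NET fw tcp 10000  # webmin, admin network only"
}

# Set KEY=VALUE in a file: replace an existing KEY= line, or append one.
set_kv() {   # set_kv FILE KEY VALUE
    if grep -q "^$2=" "$1"; then
        sed -i "s|^$2=.*|$2=$3|" "$1"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# Both switches must be on or the Debian init script refuses to start Shorewall.
enable_startup() {
    set_kv "$SHOREWALL_ROOT/etc/shorewall/shorewall.conf" STARTUP_ENABLED Yes
    set_kv "$SHOREWALL_ROOT/etc/default/shorewall" startup 1
}

# Full procedure on a real plug (run as root): sh shorewall-setup.sh apply
main() {
    mkdir -p /var/cache/apt/archives/partial   # step 2
    apt-get install -y shorewall               # step 3
    cp "$EXAMPLES"/* /etc/shorewall/           # step 4
    add_rules                                  # step 5: rules file
    enable_startup                             # step 5: startup switches
    shorewall check                            # compile only; errors stop here
    /etc/init.d/shorewall start                # step 6
}

if [ "${1:-}" = "apply" ]; then
    main
fi
```

To preview the result without root, point SHOREWALL_ROOT at a scratch directory that already holds copies of rules, shorewall.conf and /etc/default/shorewall, source the script, and call add_rules and enable_startup; diff the rendered files against the originals before running the script with apply on the plug.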