Some confusion with initial setup of the latest version, but I carefully copied the files "interfaces", "policy", "rules", and "zones" from the "Universal" sample configuration into "/etc/shorewall/" and "/etc/shorewall6" and set "STARTUP_ENABLED=Yes" in shorewall.conf and shorewall6.conf. Then added the specific rules for ports to allow incoming connections.

> Important
> Please don't use distribution-specific programs like "service" or init scripts to start/restart Shorewall while trying to solve a problem, just follow carefully the instructions below.

That's okay, but perhaps some explanation of what Shorewall is and what it isn't might be in order, if "iptables made easy" isn't understandable to the common folk, or if Shorewall itself isn't a collection of service and init scripts intended to manage iptables; it certainly pulled in enough Perl dependencies for that when I installed it. That's the point of running it, to use the managed "policy" and "rules" etc. to configure the Linux kernel firewall.

I want to see a working basic "Universal" type sample firewall installed and running by default on all Linux systems, especially any that are exposed to the internet. Management port(s) and/or basic web so I don't get locked out, allow outgoing connections for DNS and system updates, whatever is needed, and nothing else.

Distribution and packaging. Whatever sort of software or computer program it is, make it work for the average customer's basic use case from the get-go, explain clearly and simply how it does work and don't make me futz with it to get a working configuration. Life is too brief and troublesome, and too many criminals and hackers and crackers with big guns, dirty knives, and advanced lock picking instruments are continually playing too many party pranks, practical jokes and dirty tricks with anything and everything security-related on the internet for that.



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
