波少散记

apt-get install shorewall cp /usr/share/doc/shorewall/examples/one-interface/interfaces /etc/shorewall/interfaces cp /usr/share/doc/shorewall/examples/one-interface/policy /etc/shorewall/policy cp /usr/share/doc/shorewall/examples/one-interface/rules /etc/shorewall/rules cp /usr/share/doc/shorewall/examples/one-interface/zones /etc/shorewall/zones Now open /etc/shorewall/policy file and change the line: net all DROP info removing info directive given it fills the system logs: net all DROP Now open /etc/shorewall/rules and add the following rules at the bottom of the file: HTTP/ACCEPT net $FW SSH/ACCEPT net $FW FTP/ACCEPT net $FW # real apache since varnish listens on port 80 #ACCEPT net $FW tcp 8080 ACCEPT net:192.168.1.10 $FW TCP 22 vi /etc/shorewall/shorewall.conf STARTUP_ENABLED=No —— STARTUP_ENABLED=Yes vi /etc/default/shorewall ...