Shorewall Installation

Two tools are necessary for Shorewall to work: iproute and iptables. Before we install these programs, we must make sure that the kernel has iptables support compiled in (otherwise nothing will work). For iptables you must enable the kernel option "Network packet filtering (replaces ipchains)" (also known as NETFILTER). You can find this option under:

Linux Kernel Configuration: Networking
 Networking options-->
  [*] Network packet filtering (replaces ipchains)

Now recompile the kernel if necessary, reboot the system and run:

$ emerge net-firewall/shorewall

Next we will write some config files. Adapt the values to your own network.

File: /etc/shorewall/shorewall.conf
File: /etc/shorewall/interfaces
net eth0 tcpflags,nosmurfs
File: /etc/shorewall/policy
uncomment the lines that begin with fw, net and all
File: /etc/shorewall/zones
uncomment the line: net ipv4

Now you have a desktop firewall that allows all outbound traffic and blocks all inbound traffic. Let's start the firewall:

$ shorewall start

Troubleshooting (2 interface setup)

shorewall -vv restart

will give debugging information if it doesn't start

shorewall show and shorewall dump

will show the state of a running firewall

  1. DNS doesn't work

you need to allow your firewall ($FW) to connect to the local network (loc):

File: /etc/shorewall/policy
$FW             net             ACCEPT
$FW             loc             ACCEPT
$FW             all             REJECT
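Shorewall reads the policy file top-down and the first SOURCE/DEST match wins, so the order of the fw/net/all lines above matters: a "$FW all REJECT" line placed before "$FW loc ACCEPT" silently shadows it and produces exactly the DNS failure described here. The following linter is an added example, not part of Shorewall or this page; it checks a policy file for shadowed lines and for ACCEPT policies whose SOURCE is the untrusted net zone, using two constructed sample files.

```shell
#!/bin/sh
# Shorewall reads /etc/shorewall/policy top-down and the first SOURCE/DEST
# match wins, so "$FW all REJECT" placed above "$FW loc ACCEPT" silently
# shadows it (the DNS failure above). This linter flags shadowed lines and
# ACCEPT policies whose SOURCE is the untrusted "net" zone. Added example,
# not part of Shorewall.
set -f   # no globbing while we word-split policy lines

# lint_policy FILE: print one finding per problem line; return 1 if any.
lint_policy() {
    file="$1"; rc=0; lineno=0
    seen_all_src=""   # SOURCE zones already covered by a "<src> all" line
    catchall=0        # set once an "all all <policy>" line has been seen
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line="${line%%#*}"            # drop comments
        set -- $line                  # split into SOURCE DEST POLICY ...
        [ $# -ge 3 ] || continue      # skip blank lines
        src="$1"; dst="$2"; pol="$3"
        if [ "$catchall" -eq 1 ]; then
            echo "line $lineno: unreachable, an earlier 'all all' policy matches first"
            rc=1; continue
        fi
        case " $seen_all_src " in
            *" $src "*) echo "line $lineno: shadowed by an earlier '$src all' policy"; rc=1 ;;
        esac
        if [ "$src" = net ] && [ "$pol" = ACCEPT ]; then
            echo "line $lineno: ACCEPT from net to $dst admits unsolicited inbound traffic"; rc=1
        fi
        if [ "$dst" = all ]; then seen_all_src="$seen_all_src $src"; fi
        if [ "$src" = all ] && [ "$dst" = all ]; then catchall=1; fi
    done < "$file"
    return $rc
}

# Constructed samples (paths printed to stdout). good: the page's layout plus
# fw->loc. bad: catch-all above the loc rule and inbound from net wide open.
sample_good_policy() {
    f=$(mktemp); printf '%s\n' '#SOURCE DEST POLICY' '$FW net ACCEPT' \
        '$FW loc ACCEPT' 'net all DROP' 'all all REJECT' > "$f"; echo "$f"
}
sample_bad_policy() {
    f=$(mktemp); printf '%s\n' '#SOURCE DEST POLICY' '$FW all REJECT' \
        '$FW loc ACCEPT' 'net $FW ACCEPT' 'all all REJECT' > "$f"; echo "$f"
}

# Usage on a real system: lint_policy /etc/shorewall/policy
lint_policy "$(sample_bad_policy)" || echo "policy needs attention"
```

Run it against /etc/shorewall/policy after editing and before `shorewall restart`; the bad sample reports line 3 as shadowed and line 4 as a permissive inbound policy.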
