Log in to Webmin, open the manual configuration editor for each category listed below, and paste in these settings.
#Network Zones
#ZONE TYPE OPTIONS IN OPTIONS OUT OPTIONS
fw firewall
net ipv4
#Network Interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect
#Default Policies
#SOURCE ZONE DESTINATION ZONE POLICY LOG LEVEL LIMIT:BURST
$FW net ACCEPT
net all DROP info
all all REJECT info
#Firewall Rules
#ACTION SOURCE DESTINATION PROTOCOL DESTINATION PORTS SOURCE PORTS
#The following line will enable FTP port 21 to work with PASV connections
#connecting to port 30000 through 30100
ACCEPT:ULOG net fw tcp 21,30000:30100
#The following line will enable a VMware server machine to connect to our
#Vmware image via port 20000
ACCEPT:ULOG net:IPofVMwareHostgoeshere fw tcp 20000
#Blacklist Hosts
#Add IP addresses in this format
XXX.XXX.XXX.XXX/XX
Lastly, restart Shorewall.
If you'd like to block an entire country's IP addresses, the best place to go is www.blockacountry.com. This site lists a country's IP address block assignments. They made it super easy for us to block an entire country! Throw them some support, aka donations, if you do decide to use it.
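As an added example (not part of the original post), here is a Python check to run over a downloaded country list before pasting it into the blacklist, assuming one IPv4 CIDR per line. The function name, the never_block parameter and the sample addresses are made up for illustration; the check rejects malformed entries, refuses any block that would cover an address you must not lock out (such as the VMware host or your own admin IP), and merges adjacent ranges.

```python
import ipaddress

# Constructed sample input (documentation ranges, not real country data).
SAMPLE = """\
# pasted country list
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
192.0.2.5/24
not-an-ip
192.0.2.64/26
""".splitlines()


def build_blacklist(lines, never_block=()):
    """Return (entries, rejected) for a list of raw blacklist lines.

    entries  -- collapsed CIDR strings in XXX.XXX.XXX.XXX/XX form
    rejected -- (text, reason) pairs for every line that was skipped
    """
    protected = [ipaddress.IPv4Address(a) for a in never_block]
    nets, rejected = [], []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not text:
            continue
        try:
            # strict=True rejects host bits set in the address, e.g. 192.0.2.5/24
            net = ipaddress.IPv4Network(text, strict=True)
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        hits = [str(a) for a in protected if a in net]
        if hits:
            rejected.append((text, "covers protected address " + ", ".join(hits)))
            continue
        nets.append(net)
    # Merge overlapping and adjacent blocks so the blacklist stays short.
    return [str(n) for n in ipaddress.collapse_addresses(nets)], rejected


if __name__ == "__main__":
    entries, rejected = build_blacklist(SAMPLE, never_block=["203.0.113.10"])
    print("\n".join(entries))
    for text, reason in rejected:
        print(f"#skipped {text}: {reason}")
```

Review the skipped lines before restarting Shorewall; a rejected entry means that range is not being blocked.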