LinuxÏÂShorewall·À»ðǽ°²×°ÓëÅäÖ÷½·¨

»·¾³ËµÃ÷£º±¾»úÖ»ÓÐÒ»ÕÅÍø¿¨£¬Ê¹Óþ²Ì¬IPÉÏÍø
    ÃüÁapt-get install shorewall ubuntu»á×Ô¶¯µÄ¸øÄã°²×°ºÃ£¬µ«ÊÇshorewallûÓÐÅäÖÃ
ҲûÓÐÆô¶¯
    ¡¸1¡¹Ê×ÏÈcp /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall
    ¡¸2¡¹ÐÞ¸Ä/etc/shorewall/shorewall.conf ¸ÄSTARTUP_ENABLED=NoΪSTARTUP_ENABLED=Yes
    ¡¸3¡¹ÐÞ¸Ä/etc/default/shorewall ¸Ästartup=0Ϊstartup=1
    ¡¸4¡¹ÔËÐÐifconfigÈ·ÈÏ×Ô¼ºÍø¿¨Ãû³Æ ĬÈÏÒ»°ã¶¼ÊÇeth0 £¬¼ÇÏÂÕâ¸öÍø¿¨Ãû³Æ
    ¡¸5¡¹ÐÞ¸Ä/etc/shorewall/interfaces ¸Änet eth0 detect dhcp£¬tcpflags£¬logmartians£¬nosmurfsÖеÄeth0ΪÄãµÄÍø¿¨Ãû³Æ£¬Èç¹ûÏàͬ¾Í²»ÓÃÐÞ¸ÄÁË
    ¡¸6¡¹ÐÞ¸Ä/etc/shorewall/rules Õâ¸öÎļþÊÇ·ÃÎʹæÔòµÄ¶¨ÒåÎļþ£¬Ä¬ÈÏÊÇÔÊÐí±¾µØ¼ÆËã»ú·ÃÎÊËùÓÐÍⲿµØÖ·£¬½ûÖ¹Íⲿ¼ÆËã»ú·ÃÎʱ¾µØÖ·ÀýÈçÄãÈç¹û¿ª·ÅÁËssh
·þÎñ£¬¶Ë¿ÚÊÇ22£¬ÄãÏëÔÊÐí±ðÈË·ÃÎÊÄÄôÔÚ ACCEPT $FW net icmp н¨Ò»Ìõ¹æÔò
    ACCEPT net $FW TCP 22 ÕâÀïÒ²¸ø´ó¼Ò¼òµ¥ËµÏ¹æÔòµÄһЩд·¨ net ´ú±í»¥ÁªÍø¼ÆËã»ú $fw´ú±í±¾»ú£¬Ò²¾ÍÊÇ·À»ðǽ
±¾Éí½â¶Á ACCEPT net $FW TCP 22 Òâ˼¾ÍÊÇÔÊÐí»¥ÁªÍøµ½±¾»ú£¨·À»ðǽ£©ÒÔ TCP ЭÒé
·ÃÎÊ22¶Ë¿ÚÏàÓ¦µÄÈç¹û½ûÖ¹¾ÍÊÇDROP
    DROP net $FW TCP 22 Èç¹ûÊÇÔÊÐí»¥ÁªÍøijһIP·ÃÎÊ£¬¹æÔò¿ÉÒÔÕâôд
    ACCEPT net£º192.168.1.10 $FW TCP 22
    shorewall start ºÃÁË¡£