# nano /etc/shorewall/zones

Know how iptables operates in chains and tables? Well, Shorewall operates in zones, which are essentially chains. But Shorewall makes it easy by allowing free rein on the name, so if you feel like naming the local network zone "BillyEatsLeaves", well then, by all means. Why don't we pick something a little bit easier to manage, however? Inside the file, put these lines:
# cat /etc/shorewall/interfaces
FORMAT 2
net eth0 dhcp,tcpflags,logmartians,nosmurfs

"FORMAT" is specified to tell Shorewall that we aren't using the outdated original format of the interfaces file. Simple enough.
# cat /etc/shorewall/rules
SECTION NEW
DROP net $FW icmp 8
ACCEPT $FW net icmp

There's an easier way to write rules (usually), but we'll cover that in the next chapter. But let's go over this.
# cat /etc/shorewall/policy
$FW net ACCEPT
net all DROP info
all all DROP info

The basic format of a policy line is: SOURCE DESTINATION POLICY LOG_LEVEL LIMIT:BURST
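Shorewall policies are matched in order, so a broad entry placed early shadows everything after it, and a catch-all that is missing or set to ACCEPT silently changes what the firewall defaults to. As an added example (not from the original tutorial or from Shorewall itself), here is a small Python lint for the policy file layout described above; it assumes the five-column layout shown, does not expand variables such as $FW, and uses two constructed sample files.

```python
# Lint for a Shorewall policy file: first match wins, so order matters.
# Variables such as $FW are compared literally, not expanded.
from dataclasses import dataclass

@dataclass
class Policy:
    source: str
    dest: str
    policy: str
    log_level: str = "-"   # "-" means no logging
    limit: str = "-"       # LIMIT:BURST column

def parse_policy(text: str) -> list[Policy]:
    """Parse SOURCE DEST POLICY LOG_LEVEL LIMIT:BURST lines; skip blanks and '#' comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cols = line.split()
        if len(cols) < 3:
            raise ValueError(f"policy line needs at least 3 columns: {raw!r}")
        entries.append(Policy(*cols[:5]))
    return entries

def _covers(a: Policy, b: Policy) -> bool:
    """True if entry a matches every source/dest pair that entry b matches."""
    return a.source in ("all", b.source) and a.dest in ("all", b.dest)

def lint_policy(entries: list[Policy]) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    if not entries or (entries[-1].source, entries[-1].dest) != ("all", "all"):
        findings.append("no catch-all 'all all' entry at the end: add 'all all DROP info'")
    for i, e in enumerate(entries, start=1):
        verdict = e.policy.upper()
        if verdict == "ACCEPT" and (e.source, e.dest) == ("all", "all"):
            findings.append(f"line {i}: 'all all ACCEPT' lets every zone reach every other")
        if verdict in ("DROP", "REJECT") and e.log_level == "-":
            findings.append(f"line {i}: {verdict} without a log level discards traffic silently")
        for j, earlier in enumerate(entries[: i - 1], start=1):
            if _covers(earlier, e):
                findings.append(f"line {i}: shadowed by line {j} ({earlier.source} "
                                f"{earlier.dest} {earlier.policy}), never matched")
                break
    return findings

# Constructed samples: the tutorial's policy, and a deliberately bad one.
GOOD_POLICY = "$FW net ACCEPT\nnet all DROP info\nall all DROP info\n"
BAD_POLICY = "all all ACCEPT\n$FW net ACCEPT\nall all DROP\n"

if __name__ == "__main__":
    for name, text in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, lint_policy(parse_policy(text)) or "ok")
```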
# shorewall check

If you see the message "Shorewall configuration verified", you're good to go! Just make sure you disable your current firewall, such as iptables (conflicts can definitely arise), and then run Shorewall:

# shorewall start