All firewall rules stored in /etc/iptables/ directory. Please note that Awall is a frontend tool that creates rules. * service ip6tables added to runlevel default Next, make the firewall autostart at boot time and autoload the required Linux kernel modules: Please note that the above commands needed only the first time, after awall installation. Insmod /lib/modules/5.4.43-1-virt/kernel/net/ipv4/netfilter/ip_tables.ko ip6_tables # modprobe -v iptable_nat # if NAT is used aka router insmod /lib/modules/5.4.43-1-virt/kernel/net/netfilter/x_tables.ko # modprobe -v ip6_tables # if IPv6 is used Prerequisitesįirst we must load Linux kernel drivers (modules) for firewall using the modprobe command: Our goal is to allow ssh (22), ping, and HTTP (80) + HTTPS (4430 ports only. Let us see how to configure Awall for a dedicated VM or bare metal server where eth0 is connected to the high-speed Internet, and we need to protect the server. In other words your Alpine box act as a router.
Snat – Apply source nat for outgoing packets.
policies – The policy is what tell Awall what to do with when a packet enters or leaves from one of the zones (interfaces).zones (like internet, lan, red_zone, green_zone, blue_zone) – ones are defined based on a interface and assigned a name to be used in your policies.However, developers and sysadmins need to install server specific custom policies in /etc/awall directory:Įach awall policy can contain definitions for: # cat /usr/share/awall/mandatory/defaults.json # more /usr/share/awall/mandatory/services.json The mandatory policies shipped with Alpine Linux are located at /usr/share/awall/mandatory and viewed with the ls command/ cat command: # Install both IPv4 and IPv6 version of IPtables #Īwall configuration starts with a single or multiple JSON-formatted files named policy file. You need to update system using the apk command:
0 kommentar(er)
