RHEL - Shorewall installation

So you're ready to start installing applications on your slice and, rightly, you want to make sure that you're nice and secure. IPTables, right? Well, sure, but the only thing is that IPTables can be a messy beast to deal with. That's where Shorewall comes in.

Shorewall is the common name for the Shoreline firewall, a “wrapper” for IPTables that will handle all the heavy lifting for you. This article will get you started, showing you how to get Shorewall on your system.

This article is the first in a series designed to get you started using the Shorewall firewall system. Shorewall will help simplify tasks done with IPTables, making those tasks more intuitive and easier to deal with.


Now then, I have good news and bad news for you. The bad news is that you probably won't be able to get Shorewall with your standard RHEL package manager, YUM. But don't worry, the good news is that it's still very easy to install with RPMs.

Let's go ahead and get the packages. Change to your home directory so that we can pull down the packages we need.

cd ~

At the time of this writing, the latest stable version of Shorewall is 4.2.10-3. That's the version that we're going to work with.

Currently, the standard version of Shorewall needs two packages, shorewall and shorewall-perl, to function. Subsequent versions are reported to have those packages combined into one, but as of right now, we'll need both packages to get up and running.

Let's get the RPMs downloaded onto our system.

wget http://www.invoca.ch/pub/packages/shorewall/4.2/shorewall-4.2.10/shorewall-4.2.10-3.noarch.rpm

wget http://www.invoca.ch/pub/packages/shorewall/4.2/shorewall-4.2.10/shorewall-perl-4.2.10-3.noarch.rpm

When it comes time to update, you can check on the Shorewall download page for new versions to download.

Okay, now that we have the RPMs in our clutches, let's install them.

sudo rpm -ihv shorewall-*

Don't look now, but you just installed Shorewall. I told you, easy, right? Don't believe me? Let's check:

sudo rpm -q shorewall

Hard to argue with that. We've just installed and confirmed the latest version of Shorewall. In the next article, we're going to set up a nice, basic one-interface configuration for it. Excited? Yep, me too.
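The RPMs above are fetched over plain HTTP, and `rpm -K` prints "OK" for an unsigned package whose digests match, so checking only for "OK" proves nothing about who built the file. The script below is an added example, not part of the original article or of Shorewall: it installs the packages only when each one carries a signature that verifies. The function names and script name are hypothetical, and it assumes the packager's public key has already been imported with `rpm --import`.

```shell
#!/bin/sh
# Added example: gate the install on a verified package signature.
# Function names are hypothetical; they are not part of rpm or Shorewall.

# Classify one line of `rpm -K` output. Prints: signed-ok | unsigned | bad
rpm_sig_verdict() {
    # Strip the leading "filename: " so the package name cannot affect matching.
    result=${1#*: }
    case $result in
        *"NOT OK"*) echo bad; return ;;   # failed digest, bad or unverifiable signature
    esac
    case $result in
        *OK) ;;
        *) echo bad; return ;;            # empty or unrecognised output
    esac
    # A lowercase gpg/pgp token (older rpm) or "signatures" (newer rpm) means a
    # signature was checked against an imported key. Digest-only results such as
    # "sha1 md5 OK" or "digests OK" mean the file is intact but unsigned.
    case " $result " in
        *" gpg "*|*" pgp "*|*" signatures "*) echo signed-ok ;;
        *) echo unsigned ;;
    esac
}

# Install the given RPMs only if every one of them is signed and verifies.
# Assumes the packager's public key was already imported with `rpm --import`
# from a source you trust; the article does not name that key.
verify_and_install() {
    for pkg in "$@"; do
        line=$(LC_ALL=C rpm -K "$pkg" 2>/dev/null | tail -n 1)
        verdict=$(rpm_sig_verdict "$line")
        if [ "$verdict" != signed-ok ]; then
            echo "refusing to install $pkg: $verdict" >&2
            return 1
        fi
    done
    sudo rpm -ihv "$@"
}

# Run as: sh verify-install.sh shorewall-*.rpm   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    verify_and_install "$@"
fi
```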


Article Comments:

Brad commented Wed Jan 13 18:11:29 UTC 2010:

shorewall is not available in yum for CentOS 5.2 and later.

Brad commented Wed Jan 13 18:24:51 UTC 2010:

Correction to last comment:

shorewall is *now available in yum for CentOS 5.2 and later.
