Ubuntu firewall: Shorewall quickstart

1.apt-get install shorewall

2.
cp /usr/share/doc/shorewall/default-config/policy /etc/shorewall/policy
cp /usr/share/doc/shorewall/default-config/rules /etc/shorewall/rules
cp /usr/share/doc/shorewall/default-config/interfaces /etc/shorewall/interfaces
cp /usr/share/doc/shorewall/default-config/zones /etc/shorewall/zones

3.
modify /etc/shorewall/zones file
add this line 'net ipv4' after 'fw firewall'

4.
modify /etc/shorewall/interfaces file
add this line 'net eth0 detect dhcp,tcpflags,logmartians,nosmurfs' after '#ZONE INTERFACE BROADCAST OPTIONS'

PS: if your IP is static, please remove the 'dhcp,' text

5.
modify /etc/shorewall/policy file
add the following lines
$FW net ACCEPT
net $FW DROP info
net all DROP info
all all REJECT info
after '#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST'

6.
modify /etc/shorewall/rules file
add the following lines
SSH/ACCEPT net $FW
HTTP/ACCEPT net $FW
Ping/ACCEPT net $FW
SMTP/ACCEPT net $FW
DNS/ACCEPT net $FW
FTP/ACCEPT net $FW
POP3/ACCEPT net $FW
after 'SECTION NEW'
then delete the 'SECTION NEW' line
PS: the lines above allow incoming SSH, HTTP, ping, SMTP, DNS, FTP and POP3 connections from net to the firewall

7.
modify /etc/default/shorewall file
change startup=0 to startup=1

OK, done.

execute '/etc/init.d/shorewall start' to start your firewall
or 'invoke-rc.d shorewall start'

PS:
Shorewall can also block IP addresses dynamically (drop or reject), like Gentoo's dyfw

just use
shorewall drop ipaddress
shorewall reject ipaddress
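
How Shorewall arrives at a verdict with the files from steps 5 and 6, as an added example (not from the original post): rules are consulted first, and a new connection that no rule matches gets the first matching line of the policy file. The macro-to-port table and the `verdict` helper are assumptions of this simplified model, not Shorewall code.

```python
# Constructed from steps 5 and 6 of the page.
POLICY = """\
$FW net ACCEPT
net $FW DROP info
net all DROP info
all all REJECT info
"""
RULES = """\
SSH/ACCEPT net $FW
HTTP/ACCEPT net $FW
Ping/ACCEPT net $FW
SMTP/ACCEPT net $FW
DNS/ACCEPT net $FW
FTP/ACCEPT net $FW
POP3/ACCEPT net $FW
"""
# Assumption: each macro is reduced to its well-known (protocol, port) pairs;
# for icmp the second value is the ICMP type (8 = echo request).
MACROS = {
    "SSH": {("tcp", 22)}, "HTTP": {("tcp", 80)}, "Ping": {("icmp", 8)},
    "SMTP": {("tcp", 25)}, "DNS": {("udp", 53), ("tcp", 53)},
    "FTP": {("tcp", 21)}, "POP3": {("tcp", 110)},
}

def rows(text):
    """Yield the columns of each entry; skips blanks, # comments and SECTION lines."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= 3:
            yield cols

def zone_matches(column, zone):
    return column in ("all", zone)

def verdict(src, dst, proto, port, rules=RULES, policy=POLICY):
    """Return (action, reason): rules are checked first, then the first matching policy."""
    for action, r_src, r_dst, *_ in rows(rules):
        macro, _, target = action.partition("/")
        if (zone_matches(r_src, src) and zone_matches(r_dst, dst)
                and (proto, port) in MACROS.get(macro, ())):
            return target, "rule " + action
    for p_src, p_dst, target, *_ in rows(policy):
        if zone_matches(p_src, src) and zone_matches(p_dst, dst):
            return target, f"policy {p_src} {p_dst}"
    raise ValueError("no policy covers this zone pair")

if __name__ == "__main__":
    for probe in [("net", "$FW", "tcp", 22), ("net", "$FW", "tcp", 443), ("$FW", "net", "tcp", 443)]:
        print(probe, "->", verdict(*probe))
```

With this configuration HTTPS (tcp 443) from net is dropped and logged by the 'net $FW DROP info' policy, because the HTTP macro covers port 80 only.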