Shorewall is a powerful firewall tool that can help secure your Proxmox VE server. In this tutorial, we’ll cover how to install Shorewall and configure it to harden your Proxmox VE server.

Install Shorewall on Proxmox VE

To install Shorewall on Proxmox VE, follow these steps:
- Log in to your Proxmox VE server as the root user.
- Open a terminal window and run the following command to install Shorewall:
apt-get install shorewall
This will install Shorewall on your Proxmox VE server.

Configure Shorewall

Once Shorewall is installed, you need to configure it to harden your Proxmox VE server. Here are the steps:
- Open the Shorewall configuration file in a text editor. The file is located at /etc/shorewall/shorewall.conf.
- Set the STARTUP_ENABLED option to Yes to enable Shorewall at startup:
STARTUP_ENABLED=Yes
- Add your Proxmox VE server IP address to the shorewall/interfaces file. The IP address should be added to the net section:
net eth0 dhcp,routeback
- Create a new configuration file for Shorewall rules. You can name it anything you like, but it should end with .rules. For example, proxmox.rules.
- Open the new configuration file in a text editor and add the following rules:
# Allow all traffic from the loc zone to the firewall
ACCEPT loc $FW all
# Allow SSH traffic from any IP address
ACCEPT net $FW tcp 22
# Allow HTTP and HTTPS traffic from any IP address
ACCEPT net $FW tcp 80
ACCEPT net $FW tcp 443
# Deny all other traffic
DROP net all all
These rules allow SSH, HTTP, and HTTPS traffic to your Proxmox VE server and deny all other traffic.
- Save the configuration file and exit the text editor.
- Test your configuration by running the following command:
shorewall check
This will check the Shorewall configuration for errors.
- If there are no errors, start Shorewall by running the following command:
service shorewall start
Shorewall is now running and securing your Proxmox VE server.
Congratulations, you’ve successfully installed and configured Shorewall to harden your Proxmox VE server.
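
shorewall check reports configuration errors, not whether the rules open more than you intended. The script below is an added example, not part of the original tutorial: it lists every ACCEPT rule from net to $FW in a rules file and flags ports outside an assumed allowlist (22, 80, 443). The function names, the ALLOWED_PORTS variable and the sample file with its extra port 8080 line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): list what the net zone can
# reach on the firewall and flag anything outside the intended ports.
ALLOWED_PORTS="22 80 443"   # assumption: the three ports this tutorial opens

# Print "proto/port" for each ACCEPT rule from net to $FW (or all) in file $1.
# Simplified: reads only the ACTION SOURCE DEST PROTO DPORT columns and
# comma-separated port lists; macros and host-qualified zones are not handled.
net_exposed_ports() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }
        $1 == "ACCEPT" && $2 == "net" && ($3 == "$FW" || $3 == "all") {
            proto = (NF >= 4) ? $4 : "all"
            n = split((NF >= 5) ? $5 : "any", p, ",")
            for (i = 1; i <= n; i++) print proto "/" p[i]
        }
    ' "$1"
}

# Print exposed entries whose port is not in ALLOWED_PORTS; status 1 if any.
unexpected_ports() {
    rc=0
    for entry in $(net_exposed_ports "$1"); do
        case " $ALLOWED_PORTS " in
            *" ${entry#*/} "*) ;;
            *) echo "$entry"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the tutorial's rules plus one extra line (port 8080).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
ACCEPT loc $FW all
# Allow SSH traffic from any IP address
ACCEPT net $FW tcp 22
ACCEPT net $FW tcp 80,443
ACCEPT net $FW tcp 8080
DROP net all all
EOF

if unexpected_ports "$SAMPLE" >/dev/null; then
    echo "net zone exposure matches the allowlist"
else
    echo "unexpected exposure from net: $(unexpected_ports "$SAMPLE" || true)"
fi
```

To audit a real file, call unexpected_ports with the path of the rules file you created, and treat a non-zero exit status as a reason not to start Shorewall yet.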