From 44c430801bde87b910c6a1688ada9e183abdd0ba Mon Sep 17 00:00:00 2001 From: test2 Date: Tue, 10 Dec 2019 22:31:27 +0200 Subject: [PATCH] shorewall --- sec/ex-4_iptables.adoc | 44 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/sec/ex-4_iptables.adoc b/sec/ex-4_iptables.adoc index e1fbc42..ad27428 100644 --- a/sec/ex-4_iptables.adoc +++ b/sec/ex-4_iptables.adoc @@ -39,6 +39,38 @@ Assuming you're already logged in https://en.wikipedia.org/wiki/Shorewall[More: wikipedia] +.NOTE +[NOTE] +==== +Our docker instances have only one nic + +to add more nic's: + +.create netowrk frist +[source,bash] +---- +docker network create --driver=bridge --subnet=192.168.0.0/16 net1 +docker network create --driver=bridge --subnet=192.168.0.0/16 net2 +docker network create --driver=bridge --subnet=192.168.0.0/16 net3 +---- + +then connect network to container + +.create netowrk frist +[source,bash] +---- +docker network connect net1 master +docker network connect net1 worker1 +docker network connect net2 master +docker network connect net2 worker2 +---- + +now let's look at the following image + + +==== + + === Installation Shorewall is already installed on swarmlab-sec. @@ -203,6 +235,18 @@ ACCEPT $FW net udp 53 ACCEPT net $FW udp 53 ACCEPT $FW net tcp 80 ACCEPT net $FW tcp 80 +#New lines +ACCEPT $FW dmz udp 53 +ACCEPT dmz $FW udp 53 +ACCEPT $FW dmz tcp 80 +ACCEPT dmz $FW tcp 80 + +ACCEPT loc dmz tcp 80 # Add your rules for the zones you have defined. +ACCEPT dmz loc tcp 80 # +ACCEPT loc net tcp 80 # This here is an example +ACCEPT net loc tcp 80 # for communication +ACCEPT dmz net tcp 80 # over port 80 +ACCEPT net dmz tcp 80 # aka the web ----
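Review bot: the three `docker network create` lines in the first hunk all use the same `--subnet=192.168.0.0/16`; Docker will reject the second and third networks because their address space overlaps the first, so `net2` and `net3` are never created and the later `docker network connect net2 master` fails. Give each network its own subnet (for example one /24 per network) and drop the unused `net3`, since nothing in the hunk connects a container to it. The block title `.create netowrk frist` is misspelled and is reused verbatim for the connect step, where it no longer describes the commands; also the closing sentence "now let's look at the following image" points at an image that is not part of this change.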
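Review bot: the second hunk adds rules for a `dmz` zone, but nothing else in this patch defines that zone or binds it to an interface, so `shorewall check` will reject the rules file unless the zone is declared elsewhere; either add the `zones`/`interfaces` entries in the same change or say in the comment where they live. Several of the new rules also allow unsolicited inbound traffic from `net`, in particular `ACCEPT net loc tcp 80` and `ACCEPT net dmz tcp 80`, which exposes the internal `loc` zone directly to the Internet and defeats the point of a DMZ; if the intent is only to let hosts browse the web, the `loc`/`dmz` to `net` rules suffice, and any service that must be reachable from `net` should be restricted to `dmz`. Finally the `#New lines` comment and the trailing `# Add your rules ...` comments read like scratch notes and should be replaced with a comment stating what the rule block is for.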