Building a Firewall (with shorewall, maradns, and dhcpd)

By the end of this part, the students will have a firewall with block-by-default rules for connections from the outside world, allow-by-default rules for connections from the internal network, and scripts to consistently manage DNS and DHCP for their internal network.

Student notes:

Instructor notes:

  • May need to restart bind9 on the edge firewall to refresh DNS from the students.
  • May need to loosen up default firewall rules (for example, allowing $FW to access everything on both net and loc). The firewall will still protect itself and everything internal from outside access, and people could always tighten up the rules on their own later.
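
A sketch of a shorewall policy file matching the rules described above, with the loosened $FW line from the second note. This is an added example, not the course's own configuration; it assumes the zone names net and loc used in these notes, the standard /etc/shorewall/policy location, and an "info" log level.

```conf
# /etc/shorewall/policy (added sketch, not the course's own file)
# The first matching line wins. Entries in /etc/shorewall/rules are
# checked before these policies, so specific exceptions belong there.
#SOURCE  DEST  POLICY  LOGLEVEL

# Loosened default from the instructor note: the firewall itself may
# reach everything on both net and loc. Remove this line to tighten
# up later; $FW traffic then falls through to the final REJECT unless
# a rule allows it.
$FW      all   ACCEPT

# Allow-by-default for connections from the internal network.
loc      all   ACCEPT

# Block-by-default for connections from the outside world, logged.
net      all   DROP    info

# Catch-all for anything not matched above; must stay last.
all      all   REJECT  info
```

Running "shorewall check" validates the configuration before it is applied.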

Other notes:

May end up replacing maradns with dnsmasq or something else that can be authoritative for the main domain and still delegate subdomains to the Windows domain controller as needed.

