4.7. Testing the Firewall

Now that the firewall in configured start it up via the Guardian Digital WebTool. Now try to change pages in the Guardian Digital WebTool. If you can still use the Guardian Digital WebTool verify that the firewall is actually running. You can look at the running state in the "Services Configuration" WebTool page or if you have shell access as 'root' you can run the command "iptables -nL". If you see output other than:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

at least one rule is working. If all you see is the above then the firewall isn't running. You can also start the firewall manually as 'root' by running the command "/etc/init.d/shorewall start". (To stop run "/etc/init.d/shorewall stop"). Once the firewall is running start testing by accessing the services that have been defined from both hosts that are allowed access and more importantly from hosts that shouldn't have access and verify proper operation. Also verify that any blacklisted hosts/networks don't have any access that has been denied. If all checks out you have just successfully configured an EnGarde Secure Linux firewall using the Guardian Digital WebTool.