path: root/docs/docs/stable/installer/en/firewall.xml
blob: a21ef2931383233ddd4614260556539ae5fbb46e (plain)
<?xml version="1.0" encoding="UTF-8"?>
<section version="5.0" xreflabel="Firewall" xml:id="firewall"
         xmlns="http://docbook.org/ns/docbook"
         xmlns:ns5="http://www.w3.org/1998/Math/MathML"
         xmlns:ns4="http://www.w3.org/2000/svg"
         xmlns:ns3="http://www.w3.org/1999/xhtml"
         xmlns:ns2="http://www.w3.org/1999/xlink"
         xmlns:ns="http://docbook.org/ns/docbook">
  <!--2018/02/15 apb: Text and typography.-->

  <!--2018/02/25 apb: Added xreflabel for this section.-->

  <!--2019/07/23 apb: Added dx2-firewall.png for this section.-->

  <info>
    <title xml:id="firewall-ti1">Firewall</title>
  </info>

  <para revision="1" xml:id="firewall-pa1">This section allows you to
  configure some simple firewall rules. These determine which types of
  messages from the Internet will be accepted by the target system. This, in
  turn, allows the corresponding services on the system to be accessible from
  the Internet.</para>

  <mediaobject>
    <imageobject>
      <imagedata align="center" fileref="dx2-firewall.png"/>
    </imageobject>
  </mediaobject>

  <para>In the default setting (no button is checked), no service of the
  system is accessible from the network. The <emphasis>Everything (no
  firewall)</emphasis> option enables access to all services of the machine,
  an option that does not make much sense in the context of the installer
  since it would create a totally unprotected system. Its real use is in
  the context of the Mageia Control Center (which uses the same GUI layout)
  for temporarily disabling the entire set of firewall rules for testing and
  debugging purposes.</para>

  <para>All other options are more or less self-explanatory. For example,
  enable the CUPS server if you want printers on your machine to be
  accessible from the network.</para>

  <para><emphasis role="bold">Advanced</emphasis></para>

  <para>The <emphasis>Advanced</emphasis> option opens a window where you can
  enable a series of services by typing a blank-separated list of
  <quote>couples</quote> (pairs) of the form:</para>

  <para><emphasis>&lt;port-number&gt;/&lt;protocol&gt;</emphasis></para>

  <simplelist>
    <member>- <emphasis>&lt;port-number&gt;</emphasis> is the value of the
    port assigned to the service you want to enable (e.g. 873 for the RSYNC
    service) as defined in <emphasis>RFC-433</emphasis>;</member>

    <member>- <emphasis>&lt;protocol&gt;</emphasis> is one of
    <emphasis>TCP</emphasis> or <emphasis>UDP</emphasis>, the Internet
    protocol that is used by the service.</member>
  </simplelist>

  <para>For instance, the entry that enables access to the RSYNC service is
  <emphasis>873/tcp</emphasis>.</para>

  <para>If a service is implemented to use both protocols, specify two
  couples for the same port, one for each protocol.</para>
</section>