<?xml version='1.0' encoding='utf-8'?><section xmlns="http://docbook.org/ns/docbook" xmlns:ns5="http://www.w3.org/1998/Math/MathML" xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns3="http://www.w3.org/1999/xhtml" xmlns:ns2="http://www.w3.org/1999/xlink" xmlns:ns="http://docbook.org/ns/docbook" xml:id="drakfirewall" version="5.0">
<info>
<title xml:id="drakfirewall-ti1">Set up your personal firewall</title>
<subtitle>drakfirewall</subtitle>
</info>
<mediaobject>
<imageobject>
<imagedata revision="1" fileref="drakfirewall.png" align="center" xml:id="drakfirewall-im1" format="PNG"/>
</imageobject>
</mediaobject>
<para>This tool<footnote>
<para>You can start this tool from the command line by typing <emphasis role="bold">drakfirewall</emphasis> as root.</para>
</footnote> is found under the Security tab in the Mageia Control Center,
labelled "Set up your personal firewall". It is the same tool as the one in the
first tab of "Configure system security, permissions and audit".</para>
<para>A basic firewall is installed by default with Mageia. All the incoming
connections from the outside are blocked if they aren't authorised. In the
first screen above, you can select the services for which outside connection
attempts are accepted. For your security, uncheck the first box -
<guilabel>Everything (no firewall)</guilabel> - unless you want to disable
the firewall, and only check the needed services.</para>
<para>It is possible to manually enter the port numbers to open. Click on
<guibutton>Advanced</guibutton> and a new window opens. In the field
<guilabel>Other ports</guilabel>, enter the needed ports following these
examples:</para>
<para>80/tcp: opens port 80 for the TCP protocol</para>
<para>24000:24010/udp: opens all the ports from 24000 to 24010 for the UDP
protocol</para>
<para>The listed ports should be separated by a space.</para>
<para>If the box <guilabel>Log firewall messages in system logs</guilabel>
is checked, the firewall messages will be saved in the system logs.</para>
<mediaobject>
<imageobject>
<imagedata fileref="drakfirewall2.png"/>
</imageobject>
</mediaobject>
<note>
<para>If you don't host specific services (web or mail server, file
sharing, ...), it is entirely possible, and even recommended, to have
nothing checked at all. This won't prevent you from connecting to the
internet.</para>
</note>
<para>The next screen deals with the Interactive Firewall options. This
feature allows you to be warned of connection attempts, provided that at
least the first box, <guilabel>Use Interactive Firewall</guilabel>, is
checked. Check the second box to be warned if the ports are scanned (an
attempt to find a weakness somewhere and get into your machine). Each box
from the third one onwards corresponds to a port you opened in the first two
screens; in the screenshot below, there are two such boxes: SSH server and
80:150/tcp. Check them to be warned each time a connection is attempted on
those ports.</para>
<para>These warnings are given by alert popups through the network
applet.</para>
<mediaobject>
<imageobject>
<imagedata fileref="drakfirewall3.png"/>
</imageobject>
</mediaobject>
<mediaobject>
<imageobject>
<imagedata fileref="drakfirewall4.png"/>
</imageobject>
</mediaobject>
<para>In the last screen, choose which network interfaces are connected to
the Internet and must be protected. Once the OK button is clicked, the
necessary packages are downloaded.</para>
<tip>
<para>If you don't know what to choose, have a look in the MCC tab "Network
&amp; Internet", under the icon "Set up a new network interface".</para>
</tip>
</section>