1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
<?xml version='1.0' encoding='utf-8'?><section xmlns="http://docbook.org/ns/docbook" xmlns:ns5="http://www.w3.org/1998/Math/MathML" xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns3="http://www.w3.org/1999/xhtml" xmlns:ns2="http://www.w3.org/1999/xlink" xmlns:ns="http://docbook.org/ns/docbook" xml:id="drakfirewall" version="5.0" xml:lang="ja">
<info>
<title xml:id="drakfirewall-ti1">個人用ファイアウォールの設定</title>
<subtitle>drakfirewall</subtitle>
</info>
<mediaobject>
<imageobject>
<imagedata revision="1" fileref="drakfirewall.png" align="center" xml:id="drakfirewall-im1" format="PNG"/>
</imageobject>
</mediaobject>
<para>This tool<footnote>
<para>You can start this tool from the command line, by typing <emphasis
role="bold">drakfirewall</emphasis> as root.</para>
</footnote> is found under the Security
tab in the Mageia Control Center labelled "Set up your personal
firewall". It is the same tool in the first tab of "Configure system
security, permissions and audit".</para>
<para>A basic firewall is installed by default with Mageia. All the incoming
connections from the outside are blocked if they aren't authorised. In the
first screen above, you can select the services for which outside connection
attempts are accepted. For your security, uncheck the first box -
<guilabel>Everything (no firewall)</guilabel> - unless you want to disable
the firewall, and only check the needed services.</para>
<para>It is possible to manually enter the port numbers to open. Click on
<guibutton>Advanced</guibutton> and a new window is opened. In the field
<guilabel>Other ports</guilabel>, enter the needed ports following these
examples :</para>
<para>80/tcp : open the port 80 tcp protocol</para>
<para>24000:24010/udp : open all the ports from 24000 to 24010 udp protocol</para>
<para>The listed ports should be separated by a space.</para>
<para>If the box <guilabel>Log firewall messages in system logs</guilabel> is
checked, the firewall messages will be saved in system logs</para>
<mediaobject>
<imageobject>
<imagedata fileref="drakfirewall2.png"/>
</imageobject>
</mediaobject>
<note>
<para>If you don't host specific services (web or mail server, file sharing, ...)
it is completely possible to have nothing checked at all, it is even
recommended, it won't prevent you from connecting to the internet.</para>
</note>
<para>The next screen deals with the Interactive Firewall options. These feature
allow you to be warned of connection attempts if at least the first box
<guilabel>Use Interactive Firewall </guilabel>is checked. Check the second
box to be warned if the ports are scanned (in order to find a failure
somewhere and enter your machine). Each box from the third one onwards
corresponds to a port you opened in the two first screens; in the screenshot
below, there are two such boxes: SSH server and 80:150/tcp. Check them to be
warned each time a connection is attempted on those ports.</para>
<para>These warning are given by alert popups through the network applet.</para>
<mediaobject>
<imageobject>
<imagedata fileref="drakfirewall3.png"/>
</imageobject>
</mediaobject>
<mediaobject>
<imageobject>
<imagedata fileref="drakfirewall4.png"/>
</imageobject>
</mediaobject>
<para>In the last screen, choose which network interfaces are connected to the
Internet and must be protected. Once the OK button is clicked, the necessary
packages are downloaded.</para>
<tip>
<para>If you don't know what to choose, have a look in MCC tab Network &
Internet, icon Set up a new network interface.</para>
</tip>
</section>
|