The days of confusing Linux firewalls are now over. Firestarter provides a very easy to use GUI for most Linux systems, allowing you to create specific firewall rules based on IP addresses, hosts or specific services (FTP, SSH, etc). Continue reading for a complete walk-through on using Firestarter.
- First you’ll need to download and install Firestarter. You can find installation options on the Firestarter download page. If you’re using Ubuntu (as I do for this tutorial), you can install it via Synaptic.
- Once installed, launch it from the appropriate menu (in Ubuntu, select Applications -> Internet -> Firestarter).
- Enter your password to continue.
- Since this is the first time you’re running Firestarter, you’ll be taken through a quick setup wizard. Review the info on the Welcome screen and click Forward to continue.
- On the Network device setup screen you’ll need to specify which device (ethernet card, wireless card, modem etc) provides your Internet connection. Generally, this is the Ethernet device (eth0). If your Internet Service Provider assigns you a dynamic IP address (almost all North American broadband ISPs do), make sure to check the box IP address is assigned via DHCP. Click Forward to continue.
- If you’re going to use this PC to share its Internet connection with other PCs (i.e. as a gateway), place a check in the Enable Internet connection sharing box. This is not the same thing as “file and printer” sharing, so unless you’re certain the PC you’re setting up Firestarter on is going to act as a gateway, leave this option unchecked. Again, click Forward to continue.
- That’s it - the setup wizard is done. Place a check in the Start firewall now box, and click Save.
- Firestarter will launch and display the Status tab. If you’re currently surfing the Internet, using an FTP program etc, you’ll see detailed info on your connections in the Active connections pane.
- Now you’ll want to create some firewall rules. Click on the Policy tab, and make sure Inbound traffic policy is selected from the Editing drop-down menu. Right-click inside the Allow connections from host window, and select Add Rule.
- By adding a rule in this section, you’ll be allowing an IP, host or network full access to your Linux PC. They will still need to provide a user name and password to connect to any services (FTP, SSH etc), but the IP, host or network will not be blocked at all by your firewall. In the example below I added the host name for my MacBook Pro (ross-macbookpro) and included a descriptive comment. Click Add when you’re done.
- If you want to create a rule based on a single service (e.g. SSH, FTP, Telnet etc), right-click in the Allow Service section and click Add Rule. From the new menu that pops up, select the service you want to allow from the Name drop-down menu. In the example below I selected SSH.
- The port for SSH (22) will be automatically added to the Port field. Decide who you want to allow to access SSH on the PC running Firestarter (Anyone, LAN clients, IP, host or network). In the example below, I opted to allow access to SSH from my PC running Vista, which has a host name of ross-vista. Again, I added a descriptive comment. Once you’ve got everything filled in, click Add.
- Back at the Policy main menu, click the Apply Policy button to apply the two policies (rules) you just created.
- Now select Outbound traffic policy from the Editing pull-down menu.
By default, Firestarter allows all outbound traffic. So if you’re trying to surf the web, chat with a friend using your IM program, FTP to a remote host, connect to your POP3 or IMAP email server - all of these services will be “allowed”. You can reverse that policy and change it to “Restrictive by default, whitelist traffic” if you’d like, but then you’ll have to create rules to allow any outbound Internet activity.
- If you do opt to go the Restrictive route, creating outbound rules is pretty much the same as inbound rules. In the Allow connections to host window, right-click and select Add Rule. Again, I will allow all outbound connections to my MacBook Pro by adding its host name (ross-macbookpro). Click Add to create this rule.
- And again, similar to inbound rules, you can create a rule that’s specific to a service. Right-click in the Allow service window and select Add Rule. As before, select the service you want to allow out (in the example below I selected FTP) and choose Anyone, Firewall host, LAN clients, IP, host or network. Click Add when you’re done.
The screenshot below illustrates a rule that would allow me to FTP to my Windows Vista PC.
- Back at the Policy main window again, click Apply Policy to apply any new rules you created.
- Click the Events tab, and you’ll see a list of “firewall happenings”. In this example, I intentionally blocked FTP and SSH from my Linux PC, and when I tried to FTP and SSH to my web host, it was denied (blocked).
- Now that you’ve got the gist of creating firewall rules, select Edit -> Preferences.
- From here you can customize some of the Firestarter Interface options.
- Click Firewall from the left navigation window, and you can alter some of the Firewall specific preferences.
- That’s pretty much it - feel free to explore and by all means if you have a question, leave a comment below.
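
The inbound and outbound policies built in the steps above, written out as plain iptables commands so the default-deny behaviour and rule order are visible. This is an added example, not Firestarter's generated ruleset; the IP addresses, log prefixes and chain layout are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Constructed values: documentation-range IPs stand in for the tutorial's
# host names, because iptables resolves a name only once, at rule load.
TRUSTED_HOST="192.0.2.10"   # stands in for ross-macbookpro (full access)
VISTA_HOST="192.0.2.20"     # stands in for ross-vista (SSH in, FTP out)
WAN_IF="eth0"               # Internet-facing device picked in the wizard

# Print (not run) inbound rules: deny by default, then the two allow rules.
inbound_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -s $TRUSTED_HOST -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -s $VISTA_HOST -p tcp --dport 22 -j ACCEPT"
    echo "iptables -A INPUT -j LOG --log-prefix 'inbound-blocked: '"
}

# Print outbound rules for "permissive" (the default) or "restrictive".
outbound_rules() {
    case "$1" in
        permissive)
            echo "iptables -P OUTPUT ACCEPT" ;;
        restrictive)
            # Anything not listed here is dropped, including DNS lookups.
            echo "iptables -P OUTPUT DROP"
            echo "iptables -A OUTPUT -o lo -j ACCEPT"
            echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
            echo "iptables -A OUTPUT -d $TRUSTED_HOST -j ACCEPT"
            echo "iptables -A OUTPUT -d $VISTA_HOST -p tcp --dport 21 -j ACCEPT"
            echo "iptables -A OUTPUT -j LOG --log-prefix 'outbound-blocked: '" ;;
        *)
            echo "unknown mode: $1" >&2
            return 1 ;;
    esac
}

# Show the full restrictive policy when the script is run directly.
inbound_rules
outbound_rules restrictive
```

The trailing LOG rules play the role of the Events tab: traffic that reaches them matched no allow rule and is then dropped by the chain policy.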



































