The days of confusing Linux firewalls are now over. Firestarter provides a very easy to use GUI for most Linux systems, allowing you to create specific firewall rules based on IP addresses, hosts or specific services (FTP, SSH, etc). Continue reading for a complete walk-through on using Firestarter.
- First you’ll need to download and install Firestarter. You can find installation options on the Firestarter download page. If you’re using Ubuntu (as I do for this tutorial), you can install it via Synaptic.
- Once installed, launch it from the appropriate menu (in Ubuntu, select Applications -> Internet -> Firestarter).
- Enter your password to continue.
- Since this is the first time you’re running Firestarter, you’ll be taken through a quick setup wizard. Review the info on the Welcome screen and click Forward to continue.
- On the Network device setup screen you’ll need to specify which device (ethernet card, wireless card, modem etc) provides your Internet connection. Generally, this is Ethernet device (eth0). If your Internet Service Provider assigns you a dynamic IP address (almost all North American broadband ISPs do), make sure to check the box IP address is assigned via DHCP. Click Forward to continue.
- If you’re going to use this PC to share its Internet connection with other PCs (i.e. a gateway), place a check in the Enable Internet connection sharing box. This is not the same thing as “file and printer” sharing, so unless you’re certain the PC you’re installing/setting up Firestarter on is going to act as a gateway, leave this option unchecked. Again, click Forward to continue.
- That’s it - the setup wizard is done. Place a check in the Start firewall now box, and click Save.
- Firestarter will launch and display the Status tab. If you’re currently surfing the Internet, using an FTP program etc, you’ll see detailed info on your connections in the Active connections pane.
- Now you’ll want to create some firewall rules. Click on the Policy tab, and make sure Inbound traffic policy is selected from the Editing drop-down menu. Right-click inside the Allow connections from host window, and select Add Rule.
- By adding a rule in this section, you’ll be allowing an IP, host or network full access to your Linux PC. They will still need to provide a user name and password to connect to any services (FTP, SSH etc), but the IP, host or network will not be blocked at all by your firewall. In the example below I added the host name for my MacBook Pro (ross-macbookpro) and included a descriptive comment. Click Add when you’re done.
- If you want to create a rule based on a single service (e.g. SSH, FTP, Telnet etc), right-click in the Allow Service section and click Add Rule. From the new menu that pops up, select the service you want to allow from the Name drop-down menu. In the example below I selected SSH.
- The port for SSH (22) will be automatically added to the Port field. Decide who you want to allow to access SSH on the PC running Firestarter (Anyone, LAN clients, IP, host or network). In the example below, I opted to allow access to SSH from my PC running Vista, which has a host name of ross-vista. Again, I added a descriptive comment. Once you’ve got everything filled in, click Add.
- Back at the Policy main menu, click the Apply Policy button to apply the two policies (rules) you just created.
- Now select Outbound traffic policy from the Editing pull-down menu.
By default, Firestarter allows all outbound traffic. So if you’re trying to surf the web, chat with a friend using your IM program, FTP to a remote host, connect to your POP3 or IMAP email server - all of these services will be “allowed”. You can reverse that policy and change it to Restrictive by default, whitelist traffic if you’d like, but then you’ll have to create rules to allow any outbound Internet activity.
- If you do opt to go the Restrictive route, creating outbound rules is pretty much the same as inbound rules. In the Allow connections to host window, right-click and select Add Rule. Again, I will allow all outbound connections to my MacBook Pro by adding its host name (ross-macbookpro). Click Add to create this rule.
- And again, similar to inbound rules, you can create a rule that’s specific to a service. Right-click in the Allow service window and select Add Rule. As before, select the service you want to allow out (in the example below I selected FTP) and choose Anyone, Firewall host, LAN clients, IP, host or network. Click Add when you’re done.
The screenshot below illustrates a rule that would allow me to FTP to my Windows Vista PC.
- Back at the Policy main window again, click Apply Policy to apply any new rules you created.
- Click the Events tab, and you’ll see a list of “firewall happenings”. In this example, I intentionally blocked FTP and SSH from my Linux PC, and when I tried to FTP and SSH to my web host, it was denied (blocked).
- Now that you’ve got the gist of creating firewall rules, select Edit -> Preferences.
- From here you can customize some of the Firestarter Interface options.
- Click Firewall from the left navigation window, and you can alter some of the Firewall specific preferences.
- That’s pretty much it - feel free to explore and by all means if you have a question, leave a comment below.
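
Firestarter is a front end to iptables, so the policy built in the steps above can also be read as plain rules. The following is an added example, not part of the original tutorial and not Firestarter's own generated rule set: it prints roughly equivalent iptables commands for the tutorial's inbound rules and for a Restrictive outbound policy, then flags the host-wide entries. The chain layout, the DNS rule and the function names are assumptions; nothing is applied to the system.

```shell
#!/bin/sh
# Dry run: prints iptables commands for review, applies nothing.
# Host names are the tutorial's examples. iptables resolves a host name
# once, when the rule is added, so a DHCP address change leaves the rule stale.

# $1 = host given full access, $2 = host allowed to reach SSH
emit_inbound() {
  echo "iptables -P INPUT DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # "Allow connections from host": every port and protocol from this source
  echo "iptables -A INPUT -s $1 -j ACCEPT"
  # "Allow service": one port (SSH, 22) from one source
  echo "iptables -A INPUT -p tcp -s $2 --dport 22 -j ACCEPT"
}

# $1 = host reachable on any port, $2 = host reachable on FTP only
emit_outbound_restrictive() {
  echo "iptables -P OUTPUT DROP"
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Assumption: DNS must be whitelisted too, or name lookups fail
  echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
  echo "iptables -A OUTPUT -d $1 -j ACCEPT"
  echo "iptables -A OUTPUT -p tcp -d $2 --dport 21 -j ACCEPT"
}

# Reads rules on stdin; prints ACCEPT rules that name a source or
# destination but no port, i.e. the host-wide entries worth reviewing.
audit_broad() {
  grep -E -- ' -j ACCEPT$' | grep -E -- ' -(s|d) ' | grep -v -- '--dport' || true
}

emit_inbound ross-macbookpro ross-vista
emit_outbound_restrictive ross-macbookpro ross-vista
echo "# host-wide rules:"
{ emit_inbound ross-macbookpro ross-vista
  emit_outbound_restrictive ross-macbookpro ross-vista; } | audit_broad
```

The two flagged lines correspond to the "Allow connections from host" and "Allow connections to host" entries, which are the rules to keep to a minimum.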




































