All times are UTC + 8 hours



#1
Post subject: [Repost] Installing a firewall on Ubuntu
Posted: 2006-07-01 9:30
Installing a firewall on Ubuntu
Reposted from www.linux.com
Friday June 30, 2006 (02:01 PM GMT)

By: Joe 'Zonker' Brockmeier

Ubuntu's desktop install provides a bunch of useful software for desktop users, but it doesn't install a firewall by default. Luckily, it's really simple to get a firewall up and running on Ubuntu.


Frankly, I'm glad that the default install doesn't set up a firewall. Most of my computers live behind a firewall at all times anyway, and I've always been annoyed by installers that demand I deal with firewall questions when I've already got the situation well in hand. If I want a firewall on a machine, I can set one up on my own. Since Ubuntu is, in part, aimed at corporate desktops, a firewall is unnecessary for many installations.

But if an Ubuntu desktop is your sole machine that connects directly to the Internet, then it's a good idea to configure one. Technically speaking, Ubuntu does include a firewall -- you could configure everything by hand using iptables. That, however, is a little more detailed than many users care to get. Instead, we'll look at installing a GUI application to configure a firewall in just a few easy steps.

We'll look at two packages that configure firewalls. The first is Lokkit, an application that walks you through a few simple steps and configures a basic firewall for you. Lokkit is dead easy to use, and requires very little understanding of firewalls to set up, but it provides few options, and it's not a good choice if you want to set up a complex firewall.

By contrast, Guarddog, a flexible GUI firewall configuration program, is much more complex than Lokkit. Choose Guarddog only if you know what you're doing.

To install Lokkit or Guarddog, fire up Synaptic or Adept and install the appropriate package. If you prefer to use APT, just run sudo apt-get install gnome-lokkit for Lokkit, or sudo apt-get install guarddog to install Guarddog.

Configuring your firewall with Lokkit

Configuring a basic firewall with Lokkit is a snap. You'll need to run it with superuser privileges, so open the Run Command dialog with Alt-F2 and run gksudo gnome-lokkit. After entering your password, you'll see a Configure Firewalling dialog.

Lokkit's configuration wizard is fairly self-explanatory. I'd recommend starting with the High Security option, unless you have a need for DCC file transfer over IRC. Also, if you're using DHCP to grab an IP address from a cable modem or DSL modem, you want to make sure to say "yes" when Lokkit asks about enabling DHCP. If you have a cable modem or DSL, you probably do pull the IP address via DHCP.

If the computer is the only one on the network, it's probably not necessary to enable any services, and it's safe to tell Lokkit "no" when it asks about doing that. By default, even if you select no here, Lokkit will leave SSH open to machines on the local network as long as you say "yes" when Lokkit asks if it's safe to trust hosts connected via your network interface.

After answering a few questions, Lokkit will say it's ready to enable the firewall, and then you can either apply the changes and start the firewall or cancel.

If you suspect you're having problems with the firewall, you can re-run Lokkit and select Disable Firewall to remove all of your firewall rules.

Lokkit is easy to use, and it sets up a decent set of firewall rules. However, even if you pick the most restrictive rules, Lokkit leaves SSH and VNC open, and allows ping and services such as BitTorrent to operate. If you want really tight firewall rules, or need to set up a more complex firewall, look to Guarddog.

Configuring your firewall with Guarddog

To set up a firewall with Guarddog, run gksudo guarddog. You can run Guarddog as a regular user, but you'd have to load the firewall rules separately as the superuser later.

Guarddog is much more complex than Lokkit. The first thing you'll see when firing up Guarddog is the Zones tab. Zones are basically sets of IP addresses, which are used to define firewall rules that apply to those addresses. For example, if your machine is on a local area network with IP addresses in a private network, you can set up a zone for all of those addresses. By default, Guarddog comes with two pre-configured zones; the Internet zone, for all IP addresses that don't match other zones, and a Local zone, for IP addresses on the local machine.

To set up a zone for your LAN, click on New Zone, and then under Zone Addresses, click on New Address. In the Address field, you can add a single address or a network mask to cover an entire network. Let's say your LAN is in the 10.0.0.0 range, and your IP addresses range from 10.0.0.1 to 10.0.0.255. You could set the address as 10.0.0.0/24.

You'd want to set zones other than Local and Internet so you can set up firewall rules to address those machines, if it's necessary to have different rules for local machines than you do for machines connected via the Internet zone. The best way to think of the Internet zone is as the "most hostile" zone. That is, you want to allow the bare minimum when it comes to traffic coming from Internet hosts.

Next you have the protocol configurations. Here you need to tell Guarddog exactly which protocols you want to enable. This can be a bit tricky, as anything that's not explicitly allowed is disabled. By default, nothing -- not even DNS, HTTP, or POP3 -- is allowed. Select all of the protocols you wish to enable for each zone, and then click "Apply." After approving the rules, see if you can browse the Web, get email, and whatever else you need to do. If not, you may need to tweak the allowed protocols a bit.

Guarddog also allows you to set logging options. You may wish to disable logging if you're not likely to read the logs to see what's being blocked or rejected. For desktop users, logging is probably unnecessary unless you're trying to troubleshoot a problem with the firewall.

Finally, under the Advanced tab, you can configure custom protocols if Guarddog doesn't include rules to match a protocol that you need to enable. See the Guarddog help for this if you need to add a protocol.

If you want to use your desktop machine as a router and firewall for a bunch of machines, you may need to set up Network Address Translation (NAT) using IP Masquerade. That's a bit beyond the scope of this article, and Guarddog. To set your system up as a router, have a look at Guidedog instead.

It may take a little tweaking to get everything set up the way you want it with Guarddog, but it's probably worth the time and effort.

Either Lokkit or Guarddog should be sufficient to protect your Linux desktop. If neither of these strikes your fancy, Ubuntu does offer other firewall configuration tools that might be more to your liking.


_________________
You make it fun
It will make you fun
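
Added example, not part of the reposted article and not code from Lokkit or Guarddog: a sketch of the hand-written iptables route the article mentions, printing an iptables-restore ruleset with a Guarddog-style default-deny policy and a LAN zone. The zone 10.0.0.0/24 and the DNS, HTTP and POP3 services come from the article; port 443, the SSH-from-LAN choice and the function name gen_rules are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a default-deny desktop.
LAN_ZONE="10.0.0.0/24"   # LAN zone from the article's Guarddog example
OUT_TCP="80 443 110"     # HTTP, POP3 (named in the article); 443 is an assumed extra
LAN_IN_TCP="22"          # assumption: SSH offered to the LAN zone only

gen_rules() {
    echo "*filter"
    # Guarddog-style policy: whatever is not explicitly allowed is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    # Local zone: traffic on the loopback interface.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Packets belonging to connections that were already allowed.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DHCP client traffic (the question Lokkit asks cable/DSL users).
    echo "-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT"
    echo "-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT"
    # DNS must be allowed explicitly, or nothing resolves.
    echo "-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    echo "-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    for port in $OUT_TCP; do
        echo "-A OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Inbound services: only from the LAN zone, never from the Internet zone.
    for port in $LAN_IN_TCP; do
        echo "-A INPUT -s $LAN_ZONE -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

Run it with `--print`, review the output, and load it as root with `iptables-restore`; that command's `--test` option parses a ruleset without committing it.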


#2
Post subject:
Posted: 2006-07-01 10:58

I use firestarter. Is Guarddog any good? Has anyone used it?


#3
Post subject:
Posted: 2006-07-01 17:36
Even a repost gets featured? If it were translated, with explanations and illustrations added, that would be more like it.


_________________
● 鸣学


#4
Post subject:
Posted: 2006-09-07 16:25

I can't understand this gibberish!


#5
Post subject:
Posted: 2006-09-10 0:53

I have used guarddog; its rule configuration is thorough, but it is not as convenient and foolproof as firestarter, so I usually use firestarter.


#6
Post subject:
Posted: 2006-09-12 2:18
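stephenwong wrote:
I have used guarddog; its rule configuration is thorough, but it is not as convenient and foolproof as firestarter, so I usually use firestarter.


Yes, indeed.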


#7
Post subject:
Posted: 2006-09-26 16:38
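Better to use shorewall: convenient, secure, and efficient; configure it once and enjoy it for life. Other firewalls with graphical interfaces crash too easily.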


_________________
It is no use doing what you like; you have got to like what you do!


#8
Post subject: GNOME-LOKKIT interface shows garbled characters after startup
Posted: 2006-10-02 15:56

My system uses Traditional Chinese. After installing gnome-lokkit, the interface opens as garbled characters. Is there a way to fix this?


#9
Post subject:
Posted: 2006-10-02 22:15

Simple rules I wrote myself.


#10
Post subject:
Posted: 2006-10-05 16:05

Waiting for someone to translate it into Chinese.


#11
Post subject:
Posted: 2006-10-21 15:53

firewall is not a simple thing for green apple


#12
Post subject:
Posted: 2007-05-05 8:46
武大郎 wrote:
Waiting for someone to translate it into Chinese.


At http://forum.ubuntu.org.cn/viewtopic.php?t=44249 it has already been translated into English!

