How to Use a GUI to Configure the Linux System Firewall

Source: Internet
Author: User

With the rapid expansion of bandwidth, information exchange on the Internet keeps increasing, and the security of the Internet and of operating system platforms has undoubtedly become a growing concern. Many network servers and workstations use Linux/UNIX platforms. Linux, as an operating system with high security and stability, has also been applied to commercial and civil network services.

Although Linux is an operating system with a high security factor, as a dynamic and evolving operating system it inevitably still has security problems. In addition, there are many Linux releases and upgrades are frequent. Many releases on the market still have defects, Linux applications without security patches are deployed on network servers, and Linux users and administrators vary in their proficiency and management experience, so the Linux platform still carries some security risks in the Internet era. These weaknesses also give unscrupulous "hackers" the "backdoors" through which to attack the Linux platform. Therefore, improving the security factor of Linux and protecting the Linux system is a very important task.

In the Windows world, many firewall and security tools are designed for Microsoft Windows. World-renowned software vendors such as Symantec and McAfee have built system firewalls, anti-virus software, and anti-hacker software specifically for Windows systems. A "firewall" is a method and technology that separates the intranet from the Internet; in other words, a firewall is an isolation technology. It is an access control measure enforced on communication between two networks: it admits the people and data you "agree" to into your network and keeps out the people and data you "deny", in order to prevent hackers from accessing your network as far as possible and to prevent intruders from changing, copying, or destroying important information on the computer.

Linux differs somewhat from Windows, because it has built-in firewall and related security software. In addition, experienced system administrators can set up their own firewalls to suit their actual conditions and upgrade the kernel to solve security problems. As a result, firewall tools dedicated to Linux are rare. However, configuring the firewall or the corresponding security settings in Linux is inconvenient. It seems that only system administrators and Linux experts can complete the configuration; for Linux beginners, it is almost impossible to set up the Linux firewall and system security independently in text mode.

Since many new users are fond of the quick and convenient configuration tools they know from Windows, here we introduce two GUI-based firewall tools for Linux.

One is the commercial version of Storm Firewall, which is a product of Stormix technology. Many system administrators may be familiar with this product.

The other is Firestarter, completely free software that runs in the GNOME desktop environment. Both tools provide a graphical interface to ipchains, removing the trouble of configuring the firewall in a rigid text environment, so that home network users can easily complete firewall security settings on the Linux platform.

These two firewall tools share two welcome advantages. First, they are professional tools that let home users fully configure the firewall and control the security of the entire network. Second, they are well suited to users without much Linux experience, and to network administrators who only need some simple functions, helping them quickly build a good firewall on their computers.

To illustrate, we will use a simple home network to test the two firewall tools.

Hardware Platform:

Processor: Duron 650

Operating system: Progeny Debian GNU/Linux beta (Linux Kernel 2.2.18-pre15)

Internet access method: DSL. Because the DSL connection uses point-to-point PPP over Ethernet (PPPoE), we use ppp0 instead of the traditional eth0 as the Internet-facing interface. eth1 connects the gateway computer to five hubs. In addition, one Celeron 400 computer running Windows 98 and one Celeron 600 computer running Debian GNU/Linux 2.2 are connected to the hub in turn.

How to get Firestarter?

Firestarter is free software written by Tomas Junnonen of Finland. It is offered for download on its web page; anyone can download Firestarter via http://firestarter.sourceforge.net. The size of its binary package is 1.0 KB, which includes RPM packages based on GNOME 1.2 or GNOME and designed for Red Hat. In addition, Firestarter's compressed source code (345KB) is also available for download. Installing the Firestarter package is not difficult. However, it is best to install it in an environment with the GNOME 1.2 libraries, because Firestarter needs these library files. Of course, you can install Firestarter in a system without the GNOME menu. After installation, you can find Firestarter in the "Program/Internet" menu.

Use Firestarter:

We can start Firestarter from the GNOME menu or from an xterm terminal window. Note that only the root superuser can use Firestarter correctly. Therefore, before starting Firestarter, make sure that you are logged on to the Linux system as root. In the Firewall menu, select Run Firewall Wizard. When the program starts, the Firestarter wizard first asks about the computer's connection to the Internet. Then the wizard asks whether IP masquerading needs to be enabled, which network interfaces the computer has, the IP address range of the network, and which services need to be exposed to the Internet. The 18 services are listed in the window for the user to choose from. They range from Telnet and POP to NFS and the X Window services.

Select a service in the Firestarter Wizard

After you complete the basic network and server configuration as instructed by the wizard, the wizard asks questions related to ICMP filtering. Firestarter can provide eight different filters for ICMP packets. If you are familiar with the basic configuration of the LAN and server, you can follow the instructions in this wizard to configure the firewall in 8 steps. The Firestarter firewall takes effect immediately after it runs. Its "Firewall Hits" view faithfully keeps providing us with a security report through an IMAP server. We can also see the dynamic rules (Dynamic Rule) for the programs we run. This is a great help in reviewing the programs and processes running on the system: we can see at a glance how the system is running and adjust our firewall settings immediately. In addition, the firewall can add a specified computer or block access from unfriendly computers, and control the startup and shutdown of a network computer. These functions are very convenient for Linux superusers managing computers on the network.

Firestarter's dynamic monitoring

In addition to the dynamic rule settings, the Firestarter firewall interface has a green "start" button and a red "stop" button. The configuration function lets you customize the alarm sound played when the firewall encounters an intrusion. You can also change what the Firestarter firewall does when the program starts and stops, and you can specify particular communication ports to disable so that they cannot be logged on to or accessed. Firestarter also provides a script file that users can modify and program, stored at /usr/local/etc/firestarter/firewall.sh. You can embed it into rc.local or link it into /etc/init.d so that the firewall starts along with the system at boot. This means that the firewall only needs to be started once, and the user does not need to attend to it again unless the firewall parameters have to be changed.
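
As an added illustration (not Firestarter's own generated firewall.sh and not part of the original article), the shell function below prints the kind of default-deny ipchains ruleset that the wizard's answers describe: external and internal interface, IP masquerading, exposed services, and ICMP filtering. The LAN range 192.168.1.0/24 and the exposed ports 22 and 80 are assumed sample values.

```shell
#!/bin/sh
# Added illustration, not Firestarter's generated firewall.sh.
# Prints a default-deny ipchains ruleset; review it, then pipe to sh as root to apply.
gen_rules() {
    ext_if=$1    # Internet-facing interface (ppp0 on the article's gateway)
    int_if=$2    # LAN-facing interface (eth1 on the article's gateway)
    lan_net=$3   # LAN range; the article does not state it, so this is assumed
    ports=$4     # space-separated TCP ports to expose, may be empty

    # Refuse anything that is not a port number in 1..65535.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done

    # Flush old rules, then deny by default on input and forward.
    echo "ipchains -F"
    echo "ipchains -P input DENY"
    echo "ipchains -P forward DENY"
    echo "ipchains -P output ACCEPT"
    # Trust loopback and the LAN side; log and drop spoofed LAN sources from outside.
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A input -i $int_if -s $lan_net -j ACCEPT"
    echo "ipchains -A input -i $ext_if -s $lan_net -l -j DENY"
    # Services exposed to the Internet, one rule per chosen port.
    for p in $ports; do
        echo "ipchains -A input -i $ext_if -p tcp -d 0/0 $p -j ACCEPT"
    done
    # ipchains is stateless: admit only non-SYN TCP (replies) and DNS answers.
    echo "ipchains -A input -i $ext_if -p tcp ! -y -j ACCEPT"
    echo "ipchains -A input -i $ext_if -p udp -s 0/0 53 -d 0/0 1024:65535 -j ACCEPT"
    # ICMP filtering: keep the types needed for error reporting and ping replies.
    for t in destination-unreachable time-exceeded echo-reply; do
        echo "ipchains -A input -i $ext_if -p icmp --icmp-type $t -j ACCEPT"
    done
    # Log everything else arriving on the outside interface, then drop it.
    echo "ipchains -A input -i $ext_if -l -j DENY"
    # IP masquerading for the LAN behind the gateway.
    echo "ipchains -A forward -i $ext_if -s $lan_net -j MASQ"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Constructed sample: expose only ports 22 and 80 (assumed choices).
gen_rules ppp0 eth1 192.168.1.0/24 "22 80"
```

Rule order matters because ipchains stops at the first match: the per-port ACCEPT rules come before the final logged DENY, and anything not listed is recorded and dropped.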

Comments on Firestarter:

First of all, the Firestarter firewall is very good GUI-based free software. It provides good security services for small networks and for Linux system administrators who only need some simple functions. It is as easy to use as any GNOME application.

Firestarter does not provide redundant and bloated features. It provides quick and effective protection for the Linux platform. In addition, it can promptly notify the administrator of system exceptions and related information, helping the administrator handle and respond to them in a timely manner. After the program starts, the Firestarter firewall sits in the taskbar menu of the desktop, from which it is easy to quickly start and close the specified computer on the network. Firestarter installation is very easy: with the wizard's guidance, even users who are not familiar with Linux software can complete firewall installation and setup. In addition, the comments in the Firestarter script file are very clear, which makes it easy to modify and redefine parameters. In general, the Firestarter firewall is suitable for protecting stand-alone workstations, servers, small network servers, and home Linux systems. It is up to general system security tasks on Linux.

Introduction to Storm Firewall

How to obtain Storm Firewall:

The above is free firewall software. Now we introduce Storm Firewall, a commercial professional firewall for the Linux platform. The firewall named "storm" looks powerful and mighty. It is produced by Stormix Technology Company (http://www.stormlinux.com). The price is USD 99.95. If you buy it online, you can pay less than 10 USD. As commercial firewall software, each copy of the Storm firewall comes with 60 days of telephone technical support and 90 days of email installation support. Storm firewall also comes with a 113-page user manual. However, the Storm firewall places some demanding requirements on the system. It claims to support only Red Hat 6.x, Storm Linux 2000, and Debian 2.2. Storm firewall can only run on these three known Linux platforms.

Select a service item when installing the firewall

In our test, we installed Storm firewall on our Progeny Debian system through a simple text installation interface. After installation, the Storm firewall icon appears in the GNOME and KDE menus. According to the Storm firewall user manual, the installation interface lets you attempt installation on Linux versions other than the three certified by Storm firewall. In fact, the installation process is not much different from installing other Linux software packages. However, if an error occurs during installation, it is likely that your Storm Firewall version is too old. To upgrade the Storm firewall, you can use rpm-
