
Difference between revisions of "UbuntuHelp:Firewall"

From Ubuntu中文 (Ubuntu Chinese wiki)

(Created new page with '{{From|https://help.ubuntu.com/community/Firewall}} {{Languages|UbuntuHelp:Firewall}} == Introduction == The Linux kernel includes the <code><nowiki>netfilter</nowiki></code> su...')
 
 
第2行: 第2行:
 
{{Languages|UbuntuHelp:Firewall}}
 
{{Languages|UbuntuHelp:Firewall}}
 
== Introduction ==
 
== Introduction ==
The Linux kernel includes the <code><nowiki>netfilter</nowiki></code> subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server or desktop system. All modern Linux firewall solutions use this system for packet filtering.
+
Traffic into or out of a computer is filtered through "ports," which are relatively arbitrary designations appended to traffic packets destined for use by a particular application.
The kernel's packet filtering system would be of little use to administrators without a userspace interface to manage it. This is the purpose of <code><nowiki>iptables</nowiki></code>. When a packet reaches your server, it will be handed off to the <code><nowiki>netfilter</nowiki></code> subsystem for acceptance, manipulation, or rejection based on the rules supplied to it from userspace via <code><nowiki>iptables</nowiki></code>. Thus, <code><nowiki>iptables</nowiki></code> is all you need to manage your firewall if you're familiar with it, but many frontends are available to simplify the task.
+
By convention, some ports are routinely used for particular types of applications. For example, port 80 is generally used for insecure web browsing and port 443 is used for secure web browsing.
The upshot of all this is that users can configure the firewall to allow certain types of network traffic to pass into and out of a system (for instance SSH or web server traffic).  This is done by opening and closing TCP and UDP ports in the firewall, and can be configured in more detail by restricting access to specific IPs or IP address ranges.  Read on for options about managing the firewall.
+
Traffic to particular applications can be allowed or blocked by "opening" or "closing" (i.e. filtering) the ports designated for a particular type of traffic. If port 80 is "closed," for example, no (insecure) web browsing will be possible.
 +
The Linux kernel includes the <code><nowiki>netfilter</nowiki></code> subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your computer. All modern Linux firewall solutions use this system for packet filtering.
 +
The kernel's packet filtering system would be of little use to users or administrators without a user interface with which to manage it. This is the purpose of <code><nowiki>iptables</nowiki></code>. When a packet reaches your computer, it is handed off to the <code><nowiki>netfilter</nowiki></code> subsystem for acceptance, manipulation, or rejection based on the rules supplied to it via <code><nowiki>iptables</nowiki></code>. Thus, <code><nowiki>iptables</nowiki></code> is all you need to manage your firewall (if you're familiar with it). Many frontends are available to simplify the task, however.
 +
Users can therefore configure the firewall to allow certain types of network traffic to pass into and out of a system (for instance SSH or web server traffic).  This is done by opening and closing TCP and UDP "ports" in the firewall. Additonally, firewalls can be configured to allow or restrict access to specific IP addresses (or IP address ranges).
 
== Managing the Firewall ==
 
== Managing the Firewall ==
Here are your options for manipulating the firewall in Ubuntu.  Each program has its own wiki page describing how to install and configure it.
 
 
=== iptables ===
 
=== iptables ===
[[UbuntuHelp:Iptables|Iptables]] is the traditional interface for configuring the firewall in Linux operating systems, as explained above.  All configuration is performed from the terminal.
+
[[UbuntuHelp:Iptables|Iptables]] is the database of firewall rules and is the actual firewall used in Linux systems. The traditional interface for configuring iptables in Linux systems is the command-line interface terminal. The other utilities in this section simplify the manipulation of the iptables database.  
=== Uncomplicated Firewall ===
+
=== UFW ===
 
[[UbuntuHelp:UFW|UFW]] (Uncomplicated Firewall) is a frontend for iptables and is particularly well-suited for host-based firewalls.  UFW was developed specifically for Ubuntu (but is available in other distributions), and is also configured from the terminal.   
 
[[UbuntuHelp:UFW|UFW]] (Uncomplicated Firewall) is a frontend for iptables and is particularly well-suited for host-based firewalls.  UFW was developed specifically for Ubuntu (but is available in other distributions), and is also configured from the terminal.   
 
[[UbuntuHelp:Gufw|Gufw]] is a graphical frontend to UFW, and is recommended for beginners.
 
[[UbuntuHelp:Gufw|Gufw]] is a graphical frontend to UFW, and is recommended for beginners.
 
UFW was introduced in Ubuntu 8.04 LTS (Hardy Heron), and is available by default in all Ubuntu installations after 8.04 LTS.
 
UFW was introduced in Ubuntu 8.04 LTS (Hardy Heron), and is available by default in all Ubuntu installations after 8.04 LTS.
 
=== Firestarter ===
 
=== Firestarter ===
[[UbuntuHelp:Firestarter|Firestarter]] is a popular graphical frontend for configuring iptables in Linux systems, however it is no longer actively maintained.
+
[[UbuntuHelp:Firestarter|Firestarter]] is a popular graphical frontend for configuring iptables in Linux systems and is fully functional. However, it is no longer actively maintained or updated.
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconNote.png Please note that it conflicts with ufw.
+
Firestarter can conflict with ufw if both are running at exactly the same time. However, both ufw and firestarter modify iptables in an episodic fashion, so that true conflicts are rare.
 +
=== Guarddog ===
 +
Guarddog is a frontend for iptables that functions in KDE-based desktops, such as Kubuntu. It has a greater deal of complexity (and flexibility, perhaps).
 
== See Also ==
 
== See Also ==
 
* [[UbuntuHelp:Security|Security]]
 
* [[UbuntuHelp:Security|Security]]
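Review bot: The rewritten iptables paragraph ("Iptables is the database of firewall rules and is the actual firewall used in Linux systems") contradicts the Introduction kept in the same revision, which describes netfilter as the kernel packet-filtering subsystem and iptables as the interface that supplies the rules to it; keep the original "traditional interface for configuring the firewall" wording, or state that the rule set lives in netfilter and iptables manages it. Separately, the new Firestarter sentence "true conflicts are rare" sits directly under the retained note "Please note that it conflicts with ufw", so the section now tells readers both; keep one statement.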

Latest revision as of 22:22, 19 May 2010 (Wed)

Introduction

Traffic into or out of a computer is filtered through "ports," which are relatively arbitrary designations appended to traffic packets destined for use by a particular application. By convention, some ports are routinely used for particular types of applications. For example, port 80 is generally used for insecure web browsing and port 443 is used for secure web browsing. Traffic to particular applications can be allowed or blocked by "opening" or "closing" (i.e. filtering) the ports designated for a particular type of traffic. If port 80 is "closed," for example, no (insecure) web browsing will be possible.

The Linux kernel includes the netfilter subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your computer. All modern Linux firewall solutions use this system for packet filtering.

The kernel's packet filtering system would be of little use to users or administrators without a user interface with which to manage it. This is the purpose of iptables. When a packet reaches your computer, it is handed off to the netfilter subsystem for acceptance, manipulation, or rejection based on the rules supplied to it via iptables. Thus, iptables is all you need to manage your firewall (if you're familiar with it). Many frontends are available to simplify the task, however.

Users can therefore configure the firewall to allow certain types of network traffic to pass into and out of a system (for instance SSH or web server traffic). This is done by opening and closing TCP and UDP "ports" in the firewall. Additionally, firewalls can be configured to allow or restrict access to specific IP addresses (or IP address ranges).
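To make the "open port / closed port / restricted source" model above concrete, here is an added example (not from the Ubuntu wiki or any of the tools it lists) that walks a first-match rule list the way a netfilter chain is walked and renders the same policy as ufw commands; the Rule, Packet and Firewall names and the host policy are constructed for this illustration.

```python
import ipaddress
from dataclasses import dataclass

# First-match rule list plus a default policy, the way a netfilter chain is
# walked. Rule, Packet and Firewall are hypothetical names for this example.
@dataclass(frozen=True)
class Rule:
    proto: str           # "tcp" or "udp"
    port: int            # destination port being "opened" or "closed"
    source: str = ""     # optional CIDR restricting who may reach the port
    action: str = "ACCEPT"

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    src: str

class Firewall:
    def __init__(self, rules, policy="DROP"):
        self.rules = list(rules)
        self.policy = policy   # fate of traffic no rule matches

    def decide(self, pkt: Packet) -> str:
        src = ipaddress.ip_address(pkt.src)
        for r in self.rules:
            if r.proto != pkt.proto or r.port != pkt.dport:
                continue
            if r.source and src not in ipaddress.ip_network(r.source, strict=False):
                continue
            return r.action    # first matching rule decides the packet
        return self.policy

    def to_ufw(self):
        """Render the same policy as ufw commands (strings only, nothing is run)."""
        verb = {"ACCEPT": "allow", "DROP": "deny"}
        cmds = [f"ufw default {verb[self.policy]} incoming"]
        for r in self.rules:
            if r.source:
                cmds.append(f"ufw {verb[r.action]} from {r.source} to any port {r.port} proto {r.proto}")
            else:
                cmds.append(f"ufw {verb[r.action]} {r.port}/{r.proto}")
        return cmds

# Constructed host policy: HTTPS open to everyone, SSH only from the LAN,
# everything else (including port 80) stays closed.
HOST_FW = Firewall([Rule("tcp", 443), Rule("tcp", 22, source="192.168.1.0/24")])
```

With this policy a packet to port 443 from any address is accepted, SSH is accepted only from 192.168.1.0/24, and port 80 traffic falls through to the DROP default, which is exactly what "closing" port 80 means in the text.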

Managing the Firewall

iptables

Iptables is the database of firewall rules and is the actual firewall used in Linux systems. The traditional interface for configuring iptables in Linux systems is the command-line interface terminal. The other utilities in this section simplify the manipulation of the iptables database.

UFW

UFW (Uncomplicated Firewall) is a frontend for iptables and is particularly well-suited for host-based firewalls. UFW was developed specifically for Ubuntu (but is available in other distributions), and is also configured from the terminal. Gufw is a graphical frontend to UFW, and is recommended for beginners. UFW was introduced in Ubuntu 8.04 LTS (Hardy Heron), and is available by default in all Ubuntu installations after 8.04 LTS.

Firestarter

Firestarter is a popular graphical frontend for configuring iptables in Linux systems and is fully functional. However, it is no longer actively maintained or updated. Firestarter can conflict with ufw if both are running at exactly the same time. However, both ufw and firestarter modify iptables in an episodic fashion, so that true conflicts are rare.

Guarddog

Guarddog is a frontend for iptables that functions in KDE-based desktops, such as Kubuntu. It has a greater deal of complexity (and flexibility, perhaps).

See Also

* Security (UbuntuHelp:Security)