Difference between revisions of "Firewalls (Italiano)"

From ArchWiki
m (removed category)
(aligned to English page and started translation)
Line 1: Line 1:
 
[[Category:Networking (Italiano)]]
 
[[Category:Networking (Italiano)]]
 
[[Category:Security (Italiano)]]
 
[[Category:Security (Italiano)]]
{{stub}}
+
{{translateme}}
 
+
 
{{i18n|Firewalls}}
 
{{i18n|Firewalls}}
  
 +
Un firewall é un sistema destinato a prevenire accessi non autorizzati ad una rete privata (che può essere anche una singola macchina) o provenienti da essa. Il firewall può essere realizzato mediante hardware, software o da una combinazione.
 +
I firewall sono frequentemente impiegati per impedire ad utenti di internet non autorizzati di connettersi a reti private collegate con internet, specialmente reti intranet. Tutti i pacchetti in entrata ed in uscita dalla intranet passano attraversano il firewall che esamina ogni pacchetto e ne permette l'ingresso, ne permette il transito, oppure lo nega ai pacchetti in base a criteri di sicurezza specificati.
  
===Firewalling Arch===
+
Si può trovare una buona lista di firewalls [http://wiki.debian.org/Firewalls quì]. Ed un confronto tra alcuni firewall [http://www.securityfocus.com/infocus/1410 quì].
Un firewall é un sistema destinato a prevenire accessi non autorizzati a una rete privata (che può essere anche una singola macchina) o provenienti da essa. Il firewall può essere realizzato mediante hardware, software o da una combinazione.
+
I firewalls sono frequentemente impiegati per impedire ad utenti di internet non autorizzati di connettersi a reti private collegate con internet, specialmente reti intranet. Tutti i messaggi entranti e uscenti dalla intranet attraversano il firewall che esamina ogni messaggio e permette, proxys, o nega il traffico (and allows, proxys, or denies the traffic) in base a criteri di sicurezza specificati.
+
  
C'é una comoda lista di firewalls [http://wiki.debian.org/Firewalls here], e un confronto di alcuni firewalls [http://www.securityfocus.com/infocus/1410 here].
+
Ci sono molti post nei forums riguardo alle differenti applicazioni firewall e scripts, così sono stati riuniti qui in un'unica pagina - perfavore aggiungete i vostri commenti riguardo ad ogni firewall, specialmente facilità d'uso e controlli di sicurezza in [https://www.grc.com/x/ne.dll?bh0bkyd2 Shields Up]
  
Ci sono molti post nei forums riguardo differenti applicazioni firewall e scripts, così sono stati riuniti qui in un'unica pagina - perfavore aggiungete i vostri commenti riguardo ad ogni firewall, specialmente facilità d'uso e controlli di sicurezza at [https://www.grc.com/x/ne.dll?bh0bkyd2 Shields Up]
+
==[[iptables]]==
 +
The Linux kernel itself has very powerful firewall called iptables. Other firewalls are usually just frontends.
  
====iptables====
+
See the [[iptables|iptables article]] for more information.
Il kernel ha un proprio firewall molto sicuro e potente chiamato ''iptables''.
+
Abitualmente gli altri firewall sono solo interfacce con esso. Per usare iptables in Arch, si deve prima scaricare la sua userland utilies:
+
  
# pacman -S iptables
+
'''More info:'''
 
+
*[[Simple stateful firewall]]
Quindi definire alcune regole e lanciare <code>/etc/rc.d/iptables save</code>. Questo script chiamerà iptables-save e salverà le tue regole in <code>/etc/iptables/iptables.rules</code>.
+
*[[Router]]
 
+
Adesso potrete avviare iptables, ciò chiamerà iptables-restore e caricherà le tue regole:
+
 
+
# /etc/rc.d/iptables start
+
 
+
Potete aggiungere iptables nei DAEMONS in <code>/etc/rc.conf</code>, preferibilmente prima di 'network', così sarà caricato ad ogni avvio:
+
+
DAEMONS=(... iptables network ...)
+
 
+
Di fatto, iptables é più di un semplice firewall. Potete usarlo per condividere la vostra connessione ad internet con la vostra rete privata. Se avete la vostra rete interna già operativa, ma non potete accedere ad internet, aggiungete questa regola a iptables sul gateway-pc:
+
 
+
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
 
+
'''Comment by Dheart'''
+
Per qualche ragione la precedente postrouting line nel mio caso non funziona, così uso:
+
 
+
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to xxx.xxx.xxx.xxx
+
 
+
dove xxx.xxx.xxx.xxx l'indirizzo IP della mia eth0 (la LAN card che serve per la connessione a internet)
+
 
+
'''Ulteriori info:'''
+
*[[Simple_stateful_firewall_HOWTO|Simple stateful firewall HOWTO]]
+
*http://gentoo-wiki.com/HOWTO_Iptables_for_newbies
+
 
*man iptables http://unixhelp.ed.ac.uk/CGI/man-cgi?iptables+8
 
*man iptables http://unixhelp.ed.ac.uk/CGI/man-cgi?iptables+8
 
*http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/
 
*http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/
 
*http://netfilter.org/documentation/HOWTO/NAT-HOWTO.html
 
*http://netfilter.org/documentation/HOWTO/NAT-HOWTO.html
*http://iptables-tutorial.frozentux.net/iptables-tutorial.html
+
*http://www.frozentux.net/documents/iptables-tutorial/
* [http://blog.webhosting.uk.com/2006/11/02/how-to-install-and-configure-apf-firewall-for-cpanel/ How to install and configure APF Firewall for cPanel?]
+
  
====Firewall====
+
==iptables front-ends==
Semplice /etc/rc.d/ firewall, configurato con /etc/conf.d/firewall
+
===Arno's Firewall===
[[firewall pkgbuild]]
+
[http://rocky.eld.leidenuniv.nl/ Arno's IPTABLES Firewall Script] is a secure firewall for both single and multi-homed machines.
  
====ferm====
+
The script:
ferm - for Easy Rule Making
+
*EASY to configure and highly customizable
ferm é un utensile per mantenere firewalls complessi senza avere il problema di riscrivere regole complesse innumerevoli volte. ferm permette di immagazzinare l'intero set di regole in un file separato e di caricarlo con un comando. La configurazione del firewaal assomiglia ad un linguaggio di programmazione strutturato (structured programming-like language), che può contenere livelli e liste.
+
*daemon script included
 +
*a filter script that makes your firewall log more readable
  
[http://ferm.foo-projects.org/ ferm home page]
+
Supports:
 
+
 
+
====uruk====
+
uruk carica un file rc , che definisce le politiche di accesso ai servizi di rete e invoca iptables per impostare le regole che implementano queste politiche (to set up firewall rules implementing this policy).
+
[http://mdcc.cx/uruk/ uruk home page]
+
 
+
 
+
====Guarddog====
+
Richiede kdelibs, ma é una GUI (interfaccia grafica) molto facile da usare per configurare iptables. Dopo aver impostato una configurazione base del desktop, passa tutti i test Shields Up perfettamente (After setting up a basic desktop configuration it passes all Shields Up tests perfectly).
+
 
+
Per far applicare le impostazioni del firewall ad ogni avvio dovete lanciare ...? (you must run ''/etc/rc.firewall'' from inside ''/etc/rc.local'' or something similar.
+
 
+
[http://www.simonzone.com/software/guarddog/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=8998 Package ] | [http://bbs.archlinux.org/viewtopic.php?t=9717 Forum]
+
 
+
 
+
====Firestarter====
+
Un buon firewall con interfaccia grafica che utilizza le dipendenze di gnome.  Firestarter ha la possibilità di utilzzare sia liste di consenso che di divieto (to use both white and black lists) per regolare il traffico. Molto semplice e facile da usare, con una buona documentazione disponibile sul sito.
+
 
+
[http://www.fs-security.com/ Website] | [http://www.archlinux.org/packages/1973/ Package]
+
 
+
====Firewall Builder====
+
[http://www.fwbuilder.org/ Website] | [http://www.archlinux.org/packages/611/ Package]
+
 
+
 
+
====KMyFirewall====
+
Interfaccia grafica con una buona procedura guidata per l'impostazione.
+
 
+
La modifica delle impostazioni del Firewall é abbastanza semplice da renderne l'uso adatto ai principianti (editing capabilities are simple enough to use to be suitable for beginners), ma permette anche una sofisticata impostazione del firewall (also allow for sophisticated tweaking of the firewall settings).
+
 
+
[http://kmyfirewall.sourceforge.net/ Website] | [http://www.archlinux.org/packages/5431/ Package]
+
 
+
 
+
====Quicktables====
+
E' uno script. Domande ampiamente spiegate per una impostazione passo dopo passo.
+
 
+
[http://bbs.archlinux.org/viewtopic.php?t=10527 Forum]
+
 
+
 
+
====Arno's Firewall====
+
Lo script IPTABLES Firewall di Arno é un firewall sicuro (a secure stateful firewall) sia per macchine singole che multi utente (for both single and multi-homed machines).
+
 
+
Lo script:
+
*FACILE da configurare e altamente personalizzabile,
+
*script dei demoni inclusi,
+
*uno script filtro che rende il file di log maggiormente leggibile.
+
 
+
Supporta:
+
 
*NAT and SNAT
 
*NAT and SNAT
 
*port forwarding
 
*port forwarding
*ADSL ethernet modems con assegnazione degli indirizzi IP sia statica che dinamica
+
*ADSL ethernet modems with both static and dynamically assigned IPs
 
*MAC address filtering
 
*MAC address filtering
 
*stealth port scan detection
 
*stealth port scan detection
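Review bot: The new iptables section drops the translated setup steps (pacman -S iptables, /etc/rc.d/iptables save, the DAEMONS entry in /etc/rc.conf, the MASQUERADE rule) and replaces them with two English sentences and a link to [[iptables]], so on a page titled "Firewalls (Italiano)" the reader loses the Italian instructions for making rules persist across reboots. Either keep those steps until the linked article covers them, or translate the replacement text. In the added intro, "passano attraversano" doubles the verb, "quì" should be "qui", "é" should be "è" and "perfavore" should be "per favore".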
Line 117: Line 45:
 
*plugin support to add extra features.
 
*plugin support to add extra features.
  
[http://rocky.molphys.leidenuniv.nl/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=6680 Package] | [http://bbs.archlinux.org/viewtopic.php?t=24159 Forum]
+
===ferm===
 +
[http://ferm.foo-projects.org/ ferm] (which stands for "For Easy Rule Making") is a tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.
 +
 
 +
===Firehol===
 +
[http://firehol.sourceforge.net/ FireHOL] is a language to express firewalling rules, not just a script that produces some kind of a firewall. It makes building even sophisticated firewalls easy - the way you want it. The result is actually iptables rules.
 +
 
 +
{{Codeline|firehol}} is available in the community repository.
 +
 
 +
===Firetable===
 +
[http://projects.leisink.org/firetable Firetable] is an iptables-based firewall with "human readable" syntax.
 +
 
 +
{{Codeline|firetable}} is available in [[AUR]].
 +
 
 +
===gShield===
 +
[http://muse.linuxmafia.org/gshield/ gShield]{{Linkrot|2011|09|04}} is a really simple iptables configuration system. (Nothing to do with gnome) Easy to configure, blocks everything not needed (almost) by default. Controlled by only one configuration file. It gave me all stealth on grc.com
 +
 
 +
{{Codeline|gshield}} is available in [[AUR]].
 +
 
 +
Pros:
 +
*Easy to configure
 +
*Only one configuration file
 +
*Will give you a iptables configuration, which is the best firewall
 +
Cons:
 +
*No GUI
 +
 
 +
===Shorewall===
 +
[http://www.shorewall.net/ The Shoreline Firewall], more commonly known as "Shorewall", is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.
  
====gShield====
+
{{Codeline|shorewall}} is available in the {{Codeline|community}} repository.
Configurazione di iptable veramente semplice (Really simple iptable configuration). (Nothing to do with gnome) Facile da configurare, blocca qualsiasi cosa non necessaria (quasi) per default. Controllato solamente con un file di configurazione. Mi da tutta la sicurezza su grc.com (It gave me all stealth on grc.com)
+
Pro:
+
*Facile da configurare,
+
*Solo un file di configurazione,
+
*Ti da la configurazione di iptables, che é il miglior firewall.
+
Contro:
+
*Non ha una GUI
+
  
[http://muse.linuxmafia.org/gshield/ Website] | [http://bbs.archlinux.org/viewtopic.php?t=4557 Forum]
+
===ufw===
 +
ufw (uncomplicated firewall) is a simple frontend for iptables and is available in [community].
  
 +
See [[Uncomplicated Firewall]] for more information.
  
==== Shorewall====
+
===Vuurmuur===
Il Shoreline Firewall, più comunemente conosciuto come "Shorewall", é un'utilità di alto livello per configurare Netfilter. Descrivi le richieste del tuo firewall/gateway utilizzando entrate (using entries) in un set di files di configurazione. Shorewall legge questi file di configurazione e con l'aiuto di iptables utility, configura Netfilter per incontrare le tue richieste. Shorewall può essere usato su un sistema firewall dedicato, un gateway/router/server multifunzione o su un sistema GNU/Linux singolo. Shorewall non usa il (Netfilter's ipchains compatibility mode) e può quindi avvantaggiarsi (of Netfilter's connection state tracking capabilities).
+
[http://www.vuurmuur.org/ Vuurmuur] Vuurmuur is a powerful firewall manager built on top of iptables. It has a simple and easy to learn configuration that allows both simple and complex configurations. The configuration can be fully configured through an ncurses GUI, which allows secure remote administration through SSH or on the console. Vuurmuur supports traffic shaping, has powerful monitoring features, which allow the administrator to look at the logs, connections and bandwidth usage in realtime.
  
[http://www.shorewall.net/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=8935 Package] | [http://bbs.archlinux.org/viewtopic.php?t=8937 Forum]
+
{{Codeline|Vuurmuur}} and is available in [[AUR]].
  
 +
==iptables GUIs==
 +
===Firestarter===
 +
[http://www.fs-security.com/ Firestarter] is a good GUI for iptables writen on GTK2, it has the ability to use both white and black lists for regulating traffic, it is very simple and easy to use, with good documentation available on their website.
  
==== Firehol====
+
Firestarter has gnome dependencies and is available in [[AUR]].
FireHOL é un linguaggio per esprimere le regole del firewall, non solo uno script che produce qualche tipo di firewall. Rende facile costruire anche un sofisticato firewall come lo vuoi tu. (It makes building even sophisticated firewalls easy - the way you want it).
+
  
[http://firehol.sourceforge.net/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=3971 Package]
+
===Guarddog===
 +
[http://www.simonzone.com/software/guarddog/ Guarddog] is a really easy to use GUI for configuring iptables. After setting up a basic desktop configuration it passes all Shields Up tests perfectly.
  
 +
Guarddog requires kdelibs3 and is available in the [[AUR]] repository.
  
==== FireFlier====
+
To have the firewall settings applied at bootup you must run ''/etc/rc.firewall'' from inside ''/etc/rc.local'' or something similar.
Sembra una interesante alternativa, ha un'interfaccia Java/Qt/Gtk per iptables.
+
  
[http://fireflier.sourceforge.net/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=4647 Server Package] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=5261 Client Package]
+
===Uncomplicated firewall frontends===
  
 +
See [[Uncomplicated_Firewall#GUI_frontends]].
  
==== Firetable====
+
===KMyFirewall===
Firewall basato su iptables con una sintassi "human readable".
+
[http://kmyfirewall.sourceforge.net/ KMyFirewall] is KDE3 GUI for iptables.
  
[http://hiawatha.leisink.org/index.php?page=firetable Website]
+
Firewall editing capabilities are simple enough to use to be suitable for beginners, but also allow for sophisticated tweaking of the firewall settings.
  
 +
KMyFirewall requires kdelibs3 and is available in [[AUR]].
  
 +
==Firewall Builder==
 +
[http://www.fwbuilder.org/ Firewall Builder] is "a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. [...] The program runs on Linux, FreeBSD, OpenBSD, Windows and Mac OS X and can manage both local and remote firewalls." Source: http://www.fwbuilder.org/
  
WikiMigration--[[User:Dlanor|dlanor]] 14:55, 23 Jul 2005 (EDT)
+
{{Codeline|fwbuilder}} is available in the {{Codeline|extra}} repository.
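Review bot: In the added gShield section, "It gave me all stealth on grc.com" is a first-person anecdote and "which is the best firewall" in the Pros list is an unsupported claim, while {{Linkrot|2011|09|04}} on the same line marks the project link as dead; reword these neutrally or drop them. The hunk also replaces the existing Italian text for gShield, Shorewall, Firehol and Firetable with English, which runs against the stated goal of starting the translation, so consider keeping the Italian paragraphs and updating them. Small fixes: "{{Codeline|Vuurmuur}} and is available" has a stray "and", the Vuurmuur entry repeats the name after the link, and "writen" should be "written".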

Revision as of 13:30, 2 October 2011

This article or section needs to be translated.


A firewall is a system designed to prevent unauthorized access to or from a private network (which may also be a single machine). A firewall can be implemented in hardware, in software, or as a combination of the two. Firewalls are frequently used to prevent unauthorized Internet users from connecting to private networks attached to the Internet, especially intranets. All packets entering or leaving the intranet pass through the firewall, which examines each packet and allows it to enter, allows it to pass through, or denies it according to the specified security criteria.

A good list of firewalls can be found at http://wiki.debian.org/Firewalls, and a comparison of some firewalls at http://www.securityfocus.com/infocus/1410.

There are many posts in the forums about the different firewall applications and scripts, so they have been gathered here on a single page. Please add your comments about each firewall, especially ease of use and security checks at Shields Up (https://www.grc.com/x/ne.dll?bh0bkyd2).

iptables

The Linux kernel itself has a very powerful firewall called iptables. Other firewalls are usually just frontends.

See the iptables article for more information.

More info:

iptables front-ends

Arno's Firewall

Arno's IPTABLES Firewall Script is a secure firewall for both single and multi-homed machines.

The script:

  • EASY to configure and highly customizable
  • daemon script included
  • a filter script that makes your firewall log more readable

Supports:

  • NAT and SNAT
  • port forwarding
  • ADSL ethernet modems with both static and dynamically assigned IPs
  • MAC address filtering
  • stealth port scan detection
  • DMZ and DMZ-2-LAN forwarding
  • protection against SYN/ICMP flooding
  • extensive user definable logging with rate limiting to prevent log flooding
  • all IP protocols and VPNs such as IPSec
  • plugin support to add extra features.

ferm

ferm (which stands for "For Easy Rule Making") is a tool for maintaining complex firewalls without having to rewrite the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file and loaded with one command. The firewall configuration resembles a structured programming-like language, which can contain levels and lists.

Firehol

FireHOL is a language to express firewalling rules, not just a script that produces some kind of a firewall. It makes building even sophisticated firewalls easy - the way you want it. The result is actually iptables rules.

firehol is available in the community repository.

Firetable

Firetable is an iptables-based firewall with "human readable" syntax.

firetable is available in AUR.

gShield

gShield [dead link 2011-09-04] is a really simple iptables configuration system. (Nothing to do with GNOME.) Easy to configure, blocks everything not needed (almost) by default. Controlled by only one configuration file. It gave me all stealth on grc.com.

gshield is available in AUR.

Pros:

  • Easy to configure
  • Only one configuration file
  • Will give you an iptables configuration, which is the best firewall

Cons:

  • No GUI

Shorewall

The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

shorewall is available in the community repository.

ufw

ufw (uncomplicated firewall) is a simple frontend for iptables and is available in [community].

See Uncomplicated Firewall for more information.

Vuurmuur

Vuurmuur is a powerful firewall manager built on top of iptables. It has a simple, easy-to-learn configuration that allows both simple and complex setups. It can be fully configured through an ncurses GUI, which allows secure remote administration through SSH or on the console. Vuurmuur supports traffic shaping and has powerful monitoring features that let the administrator look at the logs, connections and bandwidth usage in real time.

Vuurmuur is available in AUR.

iptables GUIs

Firestarter

Firestarter is a good GUI for iptables written with GTK2. It can use both white and black lists to regulate traffic, and it is very simple and easy to use, with good documentation available on its website.

Firestarter has GNOME dependencies and is available in AUR.

Guarddog

Guarddog is a really easy to use GUI for configuring iptables. After setting up a basic desktop configuration it passes all Shields Up tests perfectly.

Guarddog requires kdelibs3 and is available in the AUR repository.

To have the firewall settings applied at bootup you must run /etc/rc.firewall from inside /etc/rc.local or something similar.

Uncomplicated firewall frontends

See Uncomplicated_Firewall#GUI_frontends.

KMyFirewall

KMyFirewall is a KDE3 GUI for iptables.

Firewall editing capabilities are simple enough to use to be suitable for beginners, but also allow for sophisticated tweaking of the firewall settings.

KMyFirewall requires kdelibs3 and is available in AUR.

Firewall Builder

Firewall Builder is "a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. [...] The program runs on Linux, FreeBSD, OpenBSD, Windows and Mac OS X and can manage both local and remote firewalls." Source: http://www.fwbuilder.org/

fwbuilder is available in the extra repository.