Firewalls (Italiano)

From ArchWiki
Revision as of 08:25, 28 April 2008 by Mrc68 (Http:/www.archlinux.it/wiki/wiki/index.php?title=index.php/Firewalls moved to Firewalls (Italiano): Correct the previous error made when creating the page.)



This article is a stub.


Firewalling Arch

A firewall is a system designed to prevent unauthorized access to or from a private network (which may also be a single machine). A firewall can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from connecting to private networks attached to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and allows, proxies, or denies the traffic based on specified security criteria.

There is a handy list of firewalls here, and a comparison of some firewalls here.

There are many posts in the forums about different firewall applications and scripts, so they have been collected here on a single page. Please add your comments about each firewall, especially ease of use and security checks at Shields Up.

iptables

The kernel has its own very secure and powerful firewall called iptables. Usually the other firewalls are just front-ends to it. To use iptables in Arch, you must first install its userland utilities:

# pacman -S iptables

Then define some rules and run /etc/rc.d/iptables save. This script will call iptables-save and save your rules into /etc/iptables/iptables.rules.

Now you can start iptables. This will call iptables-restore and load your rules:

# /etc/rc.d/iptables start

You can add it to the DAEMONS array in /etc/rc.conf, preferably before 'network', so that it is loaded every time you boot:

DAEMONS=(... iptables network ...)

In fact, iptables is more than just a firewall. You can use it to share your Internet connection with your private network. If your internal network is already working but cannot reach the Internet, add this rule to the iptables configuration of your gateway PC:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Comment by Dheart: For some reason the above postrouting line didn't work for me, so I used

# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to xxx.xxx.xxx.xxx 

where xxx.xxx.xxx.xxx is the ip address of my eth0 (the LAN card that has internet connection)
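The steps above say to define some rules before saving them, and the MASQUERADE rule on its own leaves the gateway's filter chains wide open. The script below is an added example (not part of the original wiki page or of Dheart's comment) that prints a default-deny, stateful gateway ruleset in the iptables-save format that iptables-restore loads. The LAN interface eth1, the SSH rule and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the wiki page): print a default-deny, stateful
# gateway ruleset in iptables-save format. eth0 (Internet side) is the
# interface used on the page; eth1 (LAN side), the SSH rule and the function
# names are assumptions made for this example.

# Accept only plausible interface names, so that nothing but a name can end
# up inside a rule line.
valid_if() {
    [ "${#1}" -le 15 ] || return 1
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# gen_rules WAN LAN: ruleset on stdout, non-zero status on a bad name.
gen_rules() {
    wan=$1 lan=$2
    valid_if "$wan" && valid_if "$lan" || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review. As root, redirect it to
# /etc/iptables/iptables.rules; forwarding also needs the kernel setting
# net.ipv4.ip_forward=1.
gen_rules eth0 eth1
```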

More info:

Firewall

Simple /etc/rc.d/ firewall, configured with /etc/conf.d/firewall firewall pkgbuild


ferm

ferm - for Easy Rule Making. ferm is a tool to maintain complex firewalls without the trouble of rewriting the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file and to be loaded with one command. The firewall configuration resembles a structured programming language, which can contain levels and lists. ferm home page


uruk

uruk loads an rc file, which defines network service access policy, and invokes iptables to set up firewall rules implementing this policy. uruk home page


Guarddog

Requires kdelibs, but is a really easy to use GUI for configuring iptables. After setting up a basic desktop configuration it passes all Shields Up tests perfectly.

To have the firewall settings applied at bootup you must run /etc/rc.firewall from inside /etc/rc.local or something similar.

Website | Package | Forum


Firestarter

A good GUI-based firewall that uses GNOME dependencies. Firestarter can use both white lists and black lists for regulating traffic. Very simple and easy to use, with good documentation available on its website.

Website | Package

Firewall Builder

Website | Package


KMyFirewall

Graphical front-end with good setup-wizard.

Firewall editing capabilities are simple enough to use to be suitable for beginners, but also allow for sophisticated tweaking of the firewall settings.

Website | Package


Quicktables

Script. Step by step questions with great explanations

Forum


Arno's Firewall

Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines.

The script:

  • EASY to configure and highly customizable
  • daemon script included
  • a filter script that makes your firewall log more readable

Supports:

  • NAT and SNAT
  • port forwarding
  • ADSL ethernet modems with both static and dynamically assigned IPs
  • MAC address filtering
  • stealth port scan detection
  • DMZ and DMZ-2-LAN forwarding
  • protection against SYN/ICMP flooding
  • extensive user definable logging with rate limiting to prevent log flooding
  • all IP protocols and VPNs such as IPSec
  • plugin support to add extra features.

Website | Package | Forum

gShield

Really simple iptables configuration. (Nothing to do with GNOME.) Easy to configure, blocks (almost) everything not needed by default. Controlled by only one config file. It gave me all stealth on grc.com

Pros:

  • Easy to configure
  • Only one config file
  • Will give you an iptables configuration, which is the best firewall

Cons:

  • No GUI

Website | Forum


Shorewall

The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

Website | Package | Forum


Firehol

FireHOL is a language to express firewalling rules, not just a script that produces some kind of a firewall. It makes building even sophisticated firewalls easy - the way you want it.

Website | Package


FireFlier

Looks like a nice alternative, has Java/Qt/Gtk frontends for iptables.

Website | Server Package | Client Package


Firetable

iptables-based firewall with "human readable" syntax.

Website


WikiMigration--dlanor 14:55, 23 Jul 2005 (EDT)