2019-04-23 15:30:43 +00:00
= Graphical User Interface
2019-01-27 12:42:39 +00:00
There are several graphical user interfaces available to configure iptables.

* link:http://www.fwbuilder.org/[fwbuilder]: A very complete GUI tool to
configure iptables.
* link:http://shorewall.net/[Shorewall]: Another very complete GUI like
fwbuilder.
* link:http://www.turtlefirewall.com/[Turtle firewall project]: A web interface
integrated into Webmin. However, it cannot handle all iptables options.
* link:http://users.telenet.be/stes/ipmenu.html[IPmenu]: A console-based
interface that covers all iptables functionality.

The following section describes yet another frontend: `system-config-firewall`.

== system-config-firewall
The GUI is similar to the text-based interface, just more user-friendly.

The first time you start the GUI, you will receive a warning: the program will
*not* load your custom configuration, so any preexisting rules will be
overwritten.

image:Firewall_GUI_First_Time_Startup.PNG[First time startup message,title="First time startup message"]

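Because the first start discards existing rules, it helps to save the running
ruleset beforehand and compare it with what the GUI writes. The following shell
script is an added example, not part of `system-config-firewall` or the original
page; the function names, the `/root/rules.*` file names and the sample dumps
are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of system-config-firewall). Run the iptables-save
# steps as root; the file names under /root are placeholders.
#   before first GUI start:  iptables-save > /root/rules.before-gui
#   after clicking Apply:    iptables-save > /root/rules.after-gui
#   roll back if needed:     iptables-restore < /root/rules.before-gui

# normalize_rules FILE: print "<table> <rule>" for every -A line of an
# iptables-save dump (taken without -c), sorted; comments, chain policies
# and COMMIT lines are dropped.
normalize_rules() {
    awk '/^\*/ { table = substr($0, 2); next }
         /^-A / { print table " " $0 }' "$1" | LC_ALL=C sort
}

# lost_rules BEFORE AFTER: rules present in BEFORE but absent from AFTER.
lost_rules() {
    _b=$(mktemp) && _a=$(mktemp) || return 1
    normalize_rules "$1" > "$_b"
    normalize_rules "$2" > "$_a"
    LC_ALL=C comm -23 "$_b" "$_a"
    rm -f "$_b" "$_a"
}

# write_samples DIR: constructed sample dumps (not taken from a real host).
write_samples() {
    cat > "$1/before" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 5432 -j ACCEPT
COMMIT
EOF
    cat > "$1/after" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
lost_rules "$demo_dir/before" "$demo_dir/after"
rm -rf "$demo_dir"
```

Each line printed is a custom rule that has to be re-created in the GUI (for
example under *Other ports*) or restored from the saved dump.
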
Before you start, you have to enable your firewall to activate the
configuration utility.

image:FireWwall_GUI_startup.PNG[Firewall GUI startup screen,title="Firewall GUI startup screen"]

The initial configuration is empty and will not allow any network traffic.

image:No_configuration.PNG[No firewall configuration,title="No firewall configuration"]

You can ignore the warning and start the wizard. Click _forward_:

image:Firewall_Wizard.PNG[Firewall Wizard : welcome screen,title="Firewall Wizard : welcome screen"]

Choose _System with network access_ to enable the firewall. The other option,
_System without network access_, would disable the firewall and not allow
access to any network.

image:Firewall_Wizard_2.PNG[Firewall Wizard : network access?,title="Firewall Wizard : network access?"]

Next, you have to choose your skill level. The *Beginner* option only
allows the configuration of _trusted services_. This option is fine if you only
want to use services like _ftp_, _dns_, _http_, etc. It does not allow you to
configure custom port ranges. If you select *Expert*, you will have access to
firewall options. You can change the skill level later via _Options_ in the
main window.

image:Firewall_Wizard_3.PNG[Firewall Wizard : skill?,title="Firewall Wizard : skill?"]

You can choose from a set of default configurations to start with. The *Server*
template will only enable SSH on the firewall. The *Desktop* template enables
additional ports (_IPsec_, _multicast DNS_, _Network Printing Client_ and
_SSH_). For convenience, select *Desktop* and continue:

image:Firewall_Wizard_4.PNG[Firewall Wizard : configuration base?,title="Firewall Wizard : configuration base?"]

To enable additional _trusted services_, just choose the services from the list.

image:Firewall_Wizard_5.PNG[Firewall Main interface : enabled,title="Firewall Main interface : enabled"]

You can add custom rules after choosing *Other ports* from the sidebar. Click
the *Add* button and either choose from the services list on the right or tick
*User Defined* and fill in the requested information.

image:Firewall_GUI_other_ports.PNG[Firewall GUI : edit other ports rules.,title="Firewall GUI : edit other ports rules."]

The other options in the sidebar (*Trusted Interfaces*, *Masquerading*, *Port
Forwarding* and so on) work exactly as in the text-based interface.

When you have finished the configuration, click *Apply* to save and activate
the firewall.