mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-12-01 07:39:48 +00:00
98 lines
4.3 KiB
Text
= Text-based User Interface

There are two ways to manage iptables rules using a text-based user
interface. These are `setup` and `system-config-firewall-tui`. If you start
`setup`, you will see something similar to the following:

image:Firewall-tui.PNG[setup menu utility,title="setup menu utility",width=700]

If you select "Firewall configuration", you will see the screen below. You can
also invoke `system-config-firewall-tui`, which takes you directly to the
same screen. Make sure that "Firewall" is enabled; otherwise you cannot edit its
rule set. Continue by selecting "Customize":

image:First_menu_firewall_tui.PNG[Firewall Configuration by TUI. First screen.,title="Firewall Configuration by TUI. First screen.",width=700]

There is a good chance that a service you want to modify is part of the
list of standard "trusted services". Select the services you want to
trust (i.e. open their ports) and press "Forward" (read this as "next"; it
has nothing to do with port forwarding):

image:Firewall_TUI_Trusted_services.PNG[Editing trusted service with firewall tui interface.,title="Editing trusted service with firewall tui interface.",width=700]

The "Other ports" menu lets you open additional ports which are not in the list
of standard trusted services:

image:Firewall_TUI_other_ports.PNG[Editing Other ports on firewall configuration by TUI interface.,title="Editing Other ports on firewall configuration by TUI interface.",width=700]

To add other ports, specify one port or a port range. Choose between
_tcp_ and _udp_ for the protocol. The port range format is:
_beginningPort - endingPort_.

The "Trusted interfaces" menu allows you to trust all traffic on a network
interface. All traffic will be allowed and the port filtering rules will
never apply. You should only select interfaces which face private
networks. Never trust an interface that deals with traffic from networks which
are not under your full control.

image:Firewall_TUI_trusted_interfaces.PNG[Trusted interfaces.,title="Trusted interfaces.",width=700]

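To confirm what the "Trusted interfaces" menu left in place once the changes have been applied, the following added example (not part of the original guide) lists every interface with an unconditional accept rule and compares the result to an allowlist. It assumes a trusted interface appears in `iptables-save` output as `-A INPUT -i IFACE -j ACCEPT`; the sample ruleset, the interface names and the function names are constructed for illustration.

```shell
# Constructed sample of iptables-save output (not taken from a real host).
sample_ruleset() {
    cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i ppp0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print each non-loopback interface whose INPUT rule in the filter table
# accepts everything: only "-i IFACE -j ACCEPT", no protocol/port/state match.
list_trusted_interfaces() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # table header such as "*filter"
        table == "filter" && $1 == "-A" && $2 == "INPUT" {
            iface = ""; target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")      { iface = $(i + 1); i++ }
                else if ($i == "-j") { target = $(i + 1); i++ }
                else                 { extra = 1 }  # any other option narrows the rule
            }
            if (iface != "" && iface != "lo" && target == "ACCEPT" && !extra)
                print iface
        }
    ' | sort -u
}

# Usage: iptables-save | audit_trusted_interfaces ALLOWED_IFACE...
# (returns 1 and names every trusted interface that is not on the allowlist)
audit_trusted_interfaces() {
    rc=0
    for iface in $(list_trusted_interfaces); do
        case " $* " in
            *" $iface "*) ;;
            *) echo "unexpected trusted interface: $iface"; rc=1 ;;
        esac
    done
    return "$rc"
}

sample_ruleset | audit_trusted_interfaces eth1 || echo "review the Trusted interfaces menu"
```

On a live system, replace `sample_ruleset` with `iptables-save` (run as root) and pass the interfaces that face private networks as the allowlist.
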
The masquerading menu lets you select an interface to be masqueraded.
Masquerading is better known as
*https://en.wikipedia.org/wiki/Network_address_translation[NAT]* (Network
Address Translation). It is useful for setting up your computer as a gateway
between different networks:

image:Firewall_TUI_masquerading.PNG[Firewall TUI interface : masquerading.,title="Firewall TUI interface : masquerading.",width=700]

Port forwarding, also known as
*https://en.wikipedia.org/wiki/Network_address_translation#Port_address_translation[PAT]*
(Port Address Translation), permits traffic from one port to be "rerouted" to
another port.

image:Firewall_TUI_Port_Forwarding.PNG[Firewall TUI interface : configuring Port Forwarding.,title="Firewall TUI interface : configuring Port Forwarding.",width=700]

You have to specify source and destination, as well as the interface and protocol
accordingly:

image:Firewall_TUI_Port_Forwarding_Adding.PNG[Firewall TUI : adding port forwarding rules.,title="Firewall TUI : adding port forwarding rules.",width=700]

The ICMP Filter menu lets you reject various types of ICMP packets. By
default, no limitations are applied. You may define rules to reject
ICMP traffic, define the return type for an ICMP request, etc.

image:Firewall_TUI_ICMP_Filter.PNG[Firewall TUI: configuring ICMP behaviour.,title="Firewall TUI: configuring ICMP behaviour.",width=700]

Finally, you can add custom firewall rules. These must be prepared ahead
of time in files that use the same format as the command line interface.

image:Firewall_TUI_Custom_Rules.PNG[Firewall TUI: create custom rules.,title="Firewall TUI: create custom rules.",width=700]

To add custom rules, you have to specify the protocol (i.e. _ipv4_ or
_ipv6_), the table you want your rules added to (_filter_, _mangle_, _nat_, ...),
and the file containing your rules:

image:Firewall_TUI_Custom_Rules_Adding.PNG[Firewall TUI: adding custom rules.,title="Firewall TUI: adding custom rules.",width=700]

When you have completed all menus, choose "Close" to return to the first screen.
Select "OK" and confirm your changes by choosing "Yes". If you choose "No", you
will return to the configuration screen with no changes applied to your
firewall.

image:Firewall_TUI_Warning.PNG[Firewall TUI warning.,title="Firewall TUI warning.",width=700]