quick-docs/modules/ROOT/pages/_partials/iptables-tui.adoc
2019-04-23 16:30:43 +01:00

= Text-based User Interface

There are two ways to manage iptables rules using a text-based user
interface. These are `setup` and `system-config-firewall-tui`. If you start
`setup`, you will see something similar to the following:

image:Firewall-tui.PNG[setup menu utility,title="setup menu utility",width=700]

If you select "Firewall configuration" you will see the screen below. You could
also invoke `system-config-firewall-tui`. This will take you directly to the
same screen. Make sure that "Firewall" is enabled, otherwise you cannot edit its
rule set. Continue by selecting "Customize":

image:First_menu_firewall_tui.PNG[Firewall Configuration by TUI. First screen.,title="Firewall Configuration by TUI. First screen.",width=700]

There is a good chance that a service you want to modify is part of the
list of standard "trusted services". Select the services you want to
trust (i.e. open their ports) and press "Forward". (Read this as
"next"; it has nothing to do with port forwarding.)

image:Firewall_TUI_Trusted_services.PNG[Editing trusted service with firewall tui interface.,title="Editing trusted service with firewall tui interface.",width=700]

The "Other ports" menu lets you open additional ports which are not in the list
of standard trusted services:

image:Firewall_TUI_other_ports.PNG[Editing Other ports on firewall configuration by TUI interface.,title="Editing Other ports on firewall configuration by TUI interface.",width=700]

To add other ports, specify one port or a port range. Choose between
_tcp_ and _udp_ for the protocol. The port range format is:
_beginningPort - endingPort_.

The "Trusted interfaces" menu allows you to trust all traffic on a network
interface. All traffic on that interface will be allowed, and the port
filtering rules will never apply to it. You should only select interfaces
which face private networks. Never trust an interface that deals with traffic
from networks which are not under your full control.

image:Firewall_TUI_trusted_interfaces.PNG[Trusted interfaces.,title="Trusted interfaces.",width=700]
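
The warning about trusted interfaces can be checked against a saved rule set. The following is an added example, not part of the original page or of `system-config-firewall-tui`: it reads rules in `iptables-save` format and lists interfaces whose traffic is accepted unconditionally. It assumes a trusted interface is written as `-A INPUT -i <iface> -j ACCEPT`; the function names and the sample rule set are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumption: a trusted interface appears in the filter table
# as "-A INPUT -i <iface> -j ACCEPT" with no further match options.
# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Print every non-loopback interface that the INPUT chain accepts wholesale.
trusted_interfaces() {
    awk '
        /^\*/ { table = substr($1, 2) }      # table header: "*filter", "*nat"
        table == "filter" && $1 == "-A" && $2 == "INPUT" {
            iface = ""; target = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" || $i == "--in-interface") iface = $(++i)
                else if ($i == "-j" || $i == "--jump") target = $(++i)
                else narrowed = 1            # any other option restricts the rule
            }
            if (iface != "" && iface != "lo" && target == "ACCEPT" && !narrowed)
                print iface
        }' | sort -u
}

# Arguments: interfaces facing networks you do not control.
# Returns 1 and prints a warning if any of them is trusted.
check_untrusted() {
    trusted=$(trusted_interfaces); rc=0
    for iface in "$@"; do
        if printf '%s\n' "$trusted" | grep -qxF -- "$iface"; then
            echo "WARNING: $iface is trusted; port filtering never applies to it"
            rc=1
        fi
    done
    return "$rc"
}

# On a live system: iptables-save | check_untrusted eth0
printf '%s\n' "$SAMPLE_RULES" | trusted_interfaces
```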

The masquerading menu lets you select an interface to be masqueraded.
Masquerading is better known as
*http://en.wikipedia.org/wiki/Network_address_translation[NAT]* (Network
Address Translation). It is useful for setting up your computer as a gateway
between different networks:

image:Firewall_TUI_masquerading.PNG[Firewall TUI interface : masquerading.,title="Firewall TUI interface : masquerading.",width=700]

Port forwarding, also known as
*http://en.wikipedia.org/wiki/Network_address_translation#Port_address_translation[PAT]*
(Port Address Translation), permits traffic from one port to be "rerouted" to
another port.

image:Firewall_TUI_Port_Forwarding.PNG[Firewall TUI interface : configuring Port Forwarding.,title="Firewall TUI interface : configuring Port Forwarding.",width=700]

You have to specify source and destination, as well as the interface and protocol
accordingly:

image:Firewall_TUI_Port_Forwarding_Adding.PNG[Firewall TUI : adding port forwarding rules.,title="Firewall TUI : adding port forwarding rules.",width=700]

The ICMP Filter menu lets you reject various types of ICMP packets. By
default, no limitations are made. You may define rules to reject
ICMP traffic, define the return type for an ICMP request, etc.

image:Firewall_TUI_ICMP_Filter.PNG[Firewall TUI: configuring ICMP behaviour.,title="Firewall TUI: configuring ICMP behaviour.",width=700]

Finally, you can add custom firewall rules. These must be prepared ahead
of time in files that use the same format as the command line interface.

image:Firewall_TUI_Custom_Rules.PNG[Firewall TUI: create custom rules.,title="Firewall TUI: create custom rules.",width=700]

To add custom rules, you have to specify the protocol (i.e. _ipv4_ or
_ipv6_), the table you want your rules added to (_filter_, _mangle_, _nat_, ...)
and, of course, the file containing your rules:

image:Firewall_TUI_Custom_Rules_Adding.PNG[Firewall TUI: adding custom rules.,title="Firewall TUI: adding custom rules.",width=700]

When you have completed all menus, choose "Close" to return to the first screen.
Select "OK" and confirm your changes by choosing "Yes". If you choose "No" you
will return to the configuration screen with no changes applied to your
firewall.

image:Firewall_TUI_Warning.PNG[Firewall TUI warning.,title="Firewall TUI warning.",width=700]